Hi all, I hope this is the right forum. I'm adding a login feature to an existing web application where a user logs in X many times with the wrong password, that person gets locked out. I have a couple of ideas but wanted to double check if there already exists a defined process that every web app follows. 1) I was thinking of keeping track of the user login attempts in the database and each time the user tries to login with incorrect password. After so many tries, it locks the user out. 2) I was also thinking of keeping track of the number login in attempts in a text file. The login jsp/servlet file can query this file to see how many times this user as attempted to login. So, What do you guys think? Can anyone recommend some resources for me to read? Thanks,
If you are already accessing a DB for user login info, why would you need to resort to a secondary text file? hth, bear P.S. The Servlets or JSP forums are usually the best places to ask web app related questions. (Or the Tomcat forum if it's Tomcat specific).
I was going to use either 1 or 2. Not both. I was just wondering what people would recommend or if there was another approach. I saw your other message. Sorry. I will post future questions to Tomcat forum. Thanks,