<div dir="ltr">after 4-5 locks, introducing captcha is ok??</div><div class="gmail_extra"><br><br><div class="gmail_quote">On Sun, Jun 9, 2013 at 6:39 AM, Azeddine Islam Mennouchi <span dir="ltr"><<a href="mailto:azeddine.mennouchi@owasp.org" target="_blank">azeddine.mennouchi@owasp.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hey,<div>For the locking thing</div><div>Locking account can be used in abusive way by an attacker any one can try to lock hundred of account think of alternatives like<span style="font-size:12px;background-color:rgb(245,245,245);font-family:Verdana,Arial,Helvetica,sans-serif">injecting random pauses in the login procces or somthing</span></div>

<div><span style="font-size:12px;background-color:rgb(245,245,245);font-family:Verdana,Arial,Helvetica,sans-serif"><br></span></div><div><span style="font-size:12px;background-color:rgb(245,245,245);font-family:Verdana,Arial,Helvetica,sans-serif">Regards Islam,</span></div>

</div><div class="gmail_extra"><br><br><div class="gmail_quote"><div><div class="h5">On Sun, Jun 9, 2013 at 10:39 AM, rahul chaudhary <span dir="ltr"><<a href="mailto:rahul300chaudhary400@gmail.com" target="_blank">rahul300chaudhary400@gmail.com</a>></span> wrote:<br>

</div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5"><div dir="ltr">Hello Guys,<div><br></div><div>I am having trouble thinking how to enforce the "remember me" functionality and "brute-force locking" functionality in the best way.</div>

<div><br></div><div>
I have not researched enough but I thought this place would be faster to get answers. :)<span><font color="#888888"><br clear="all"><div><br></div>-- <br><div>Regards,</div><div>Rahul Chaudhary</div><div>Ph - <a href="tel:412-519-9634" value="+14125199634" target="_blank">412-519-9634</a></div>


</font></span></div></div>
<br></div></div>_______________________________________________<br>
OWASP_PHP_Security_Project mailing list<br>
<a href="mailto:OWASP_PHP_Security_Project@lists.owasp.org" target="_blank">OWASP_PHP_Security_Project@lists.owasp.org</a><br>
<a href="https://lists.owasp.org/mailman/listinfo/owasp_php_security_project" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp_php_security_project</a><br>
<br></blockquote></div><span class="HOEnZb"><font color="#888888"><br><br clear="all"><div><br></div>-- <br><div dir="ltr"><div>Islam Azeddine Mennouchi</div><div>Consultantat NovaSup</div><div><a href="http://www.novasup.com/" target="_blank">http://www.novasup.com/</a><br>

OWASP ALGERIA Chapter Leader<br>phone n: <a href="tel:%2B213796314102" value="+213796314102" target="_blank">+213796314102</a></div></div>
</font></span></div>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div>Regards,</div><div>Rahul Chaudhary</div><div>Ph - 412-519-9634</div>
</div>