I would really like if there were a sub-routine which (I guess via cookies) would check how many times a user has tried to login with a bad user name and password, and give him an appropriate "Login attempts exceeds allowed limit for failed logins." screen.

This screen would not have the input fields for login and password, but could rather ask the user to contact his administrator, or request his username and password via email.

Has anyone accomplished this using cookies, Javascript or Perl which will work for a Win95 Webserver...? I think this may be a useful addition to DBman for those of us concerned about additional security.

The failed login cookie (or whatever is used) could expire in, say, an hour or something appropriate.

Share your ideas ...!

Is this to stop someone from continuously guessing at a password? If so, you won't want to do it with cookies, but rather with some database on the server side (as the user could just turn off cookies and keep trying).

Thanks for the suggestion, I'll consider adding it in (but won't be for a little while).

Cheers,

Alex

Yeah, the idea would be to stop someone from continually guessing at a password, and you're right; cookies wouldn't be a really secure way to do this.
However, I'm just running DBman on a Win95 server, in an small office environment where people don't know that much about their browsers or their internet to even know what a cookie is !!

If anyone has done this with Javascript, and would like to share it until Alex implements a server side solution, please post !!!