Hi Ray,
guck:
ProblemSome Web servers (HTTP servers) have the capability to lock out accounts after a certain number of failed login attempts. Some servers implement a lockout period, others lock the login account until an Administrator manually unlocks the account, and others reset the password to something random. Does the Lotus Domino Web server allow you to do account lockouts after a set number of failed login attempts?
SolutionThe Domino Web server does not provide this functionality as a product feature. An enhancement request for this new functionality has been submitted to Quality Engineering as SPR# LORN5ZZKPX. Currently, there are no plans to add this feature. Account lockouts can be a possible source of Denial Of Service (DOS) attacks, as anyone with can determine user names on the server could effectively keep those users from logging in by attempting the logins and having the account be automatically locked out.
If you want to provide this functionality for your users, you can use a DSAPI filter. For example, a sample DSAPI filter that can be used by customers to implement this functionality can be found in the Sandbox on the developerWorks Lotus Web site:
Demo-Customized AuthenticationAs with all Sandbox offerings, this DSAPI filter is not supported by IBM Support. All Sandbox downloads are licensed as-is, unsupported, and non-warranted.
Thema: Anzahl Loginversuche (web) limitieren (Gelesen 2017 mal)