Limiting failed login attempts

[denno020]

I've got a somewhat simple problem I think.. I'm working on a uni practical, and one of the checkpoints is to limit the number of incorrect login attempts to 2. I know I could do this very easily with session variables, however on the practical sheet, it says that we're not allowed to modify any of the partially implemented code.

 

So I was wondering, what other ways are there to track the number of incorrect logins? If it comes to it, I will just use session variables, as it's pretty much the most sensible way I'd imagine.. but would like to know of any other possible ways..

 

Cheers

Denno

[PFMaBiSmAd]

Using session variables to do this is not secure because all you need to do to get another chance at entering data is to drop the session id and get a new session and the bad attempt count will start at zero.

 

You need to store the count using a method that the visitor cannot reset, such as in a database table.

[denno020]

thanks for the reply... Using a database, however, is well above the scope for this practical.. Is there anything simpler that I could use? I don't think there is a huge need for it being secure...

[PFMaBiSmAd]

I don't think there is a huge need for it being secure...

 

That's kind of funny. What purpose would limiting failed login attempts be used for?

[ionutvmi]

You can try cookies if you are looking for something simple....

but they can be easily deleted from browser so i think a good choise will be what PFMaBiSmAd recommended.

[voip03]

you can use text file( logingAttempts.txt) to count the number of loging attempts.

[denno020]

Ok thanks for the replies.. We are using a txt file as our 'database', where we were checking the usernames and passwords, so I guess I could just create a new txt file in a similar way..

 

Thanks

Denno

[voip03]

Job down. mark it, solved.