How should I store my users passwords in my DB?
#5
One discussion I've had recently with some people for online attacks is to limit both per-IP attempts per second, and per-username attempts per second, with the limit being tripped causing an "automatic reject."

Don't tell the bot that you've caught it. Just let it sail through the right password without you bothering to tell it that it's succeeded.


Messages In This Thread
RE: How should I store my users passwords in my DB? - by Bitweasil - 07-19-2012, 10:25 PM