What is the best way to implement a “3 strikes your out” login auditing process. We have a web based portal that uses Lotus Notes for login authentication and would like to only give users 3 attempts to logon before they are locked out.
Commercial products are very expensive and rare. We are looking at coding some JSP that calls Lotus and a database to track attempts, user ID and IP address. Obviously we would like to avoid keeping cookies or other info on the client side to minimize loopholes.
Any suggestions? Seems like this would be standard code generally available, but we have had no luck tracking anything down.
James
