But in the long run, nothing based on ip-banning would be able to stop a sufficiently determined vandal. Neither would relying on registered accounts. At present, stealing someone else's account would be quite easy.
On Wed, Nov 20, 2002 at 10:38:22PM +0100, Erik Moeller wrote:
How so? Brute force password attacks? We can catch these by limiting the attempts. What else?
Stealing the cookie. Non-brute-force password guessing. Compromising a public machine. Compromising a private machine.
-M-