I was thinking about recaptcha support. The purpose of recaptcha is to
make sure a bot is not trying to log into system. Really good for
something like registration, but also very useful for regular logins for
extra security. Recaptcha would elleviate the need for Brute Force
Protector.
This thing is though, if you still have direct grant, then putting in
recaptcha at login is pointless as an attacker can just go through
direct grant.
Can we bring back the ability to disable direct grant?
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com