[eluser]Skinnpenal[/eluser]
I'm curious, does anyone have any thoughts on how secure this auth library is?
I've up till now used FreakAuth, which I'm mainly abandoning because it feels so bloated.
Unfortunatly because I've still got a lot to learn about security, I can't judge much from what I see in the code. One point though, is that I see that limiting of login attempts is cookie based only, doesn't this basically mean that it has no effect on brute force attacks?