Protect Against Brute Force Login Attack?

[Justin Grammens <ju...@yahoo.com>]

This kind of goes along with some emails I've seen
about Captcha support. Is there any way people using
Roller out there are securing their site from someone
running a password cracker against the login page? Is
there a simple way to only allow login access via IP
address? As a somewhat lame stopgap measure has anyone
tried putting in BASIC authentication into the web.xml
to force a second username/password to reach the login
page? <auth-method>BASIC</auth-method>
Other suggestions?
Just curious of what options might be available to try
and lock down the login.
Thanks,
Justin

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com