FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » FUDforum Development » FUDforum 3.0+ » Brake inn
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: Brake inn [message #17211 is a reply to message #17064] Fri, 19 March 2004 19:03 Go to previous messageGo to previous message
Gribnif is currently offline  Gribnif   United States
Messages: 82
Registered: December 2003
Karma:
Member
I have a couple of suggestions that might help to prevent people from brute-force guessing passwords. Either one would probably work:

1. Limit the number of times a username can have wrong password guesses before it is temporarily disabled. So, if someone tries (and fails) to guess the password for user "Joe" 10 times in a row, the account is disabled for an hour. This should probably also leave a message in the log.

2. Take progressively longer to respond to bad logins. The first time a user enters the wrong password, respond immediately. The second time, sleep for 5 seconds before responding; the third time in a row, 10 seconds.

Either way, it will take a very long time to guess a user's password.
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: Virusi a thought.
Next Topic: Post 2.6.0 TODO
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Fri Nov 22 11:53:05 GMT 2024

Total time taken to generate the page: 0.03948 seconds