Hello all Wicket users.
One more question today.
I need to implement appearence of sleep if user (session, IP
address) tries incorrect login many times.
Thread.sleep() seems to stop all sessions at once. Any ideas?
Thank you!
-
You definitely do NOT want to intentionally sleep a thread - that halts the
request, and uses up your thread pool. You instead want the request to
complete, but you don't want to allow them to continue trying. So, that
being said, you could:
1 - add a value to their session like private long
If you're trying to defend against a brute-force password guessing attack,
you could add a captcha to your logon form after x failed login attempts
from one IP address.
Maarten
On Fri, Dec 5, 2008 at 5:20 PM, Jeremy Thomerson
[EMAIL PROTECTED]wrote:
You definitely do NOT want to intentionally
Thank you for valuable information!
Tony.
On Sat, Dec 6, 2008 at 12:36 AM, Maarten Bosteels
[EMAIL PROTECTED] wrote:
If you're trying to defend against a brute-force password guessing attack,
you could add a captcha to your logon form after x failed login attempts
from one IP address.
PROTECTED]
Sent: Friday, December 05, 2008 3:37 PM
To: users@wicket.apache.org
Subject: Re: Thread.sleep() for only one session
If you're trying to defend against a brute-force password guessing attack,
you could add a captcha to your logon form after x failed login attempts
from one IP address
, 2008 3:37 PM
To: users@wicket.apache.org
Subject: Re: Thread.sleep() for only one session
If you're trying to defend against a brute-force password guessing attack,
you could add a captcha to your logon form after x failed login attempts
from one IP address.
Maarten
On Fri, Dec 5, 2008 at 5
Indeed.
-Original Message-
From: James Carman [mailto:[EMAIL PROTECTED]
Sent: Friday, December 05, 2008 3:52 PM
To: users@wicket.apache.org
Subject: Re: Thread.sleep() for only one session
But, if you only show the captcha after so many failed logins, wouldn't that
be okay? You let
-
From: James Carman [mailto:[EMAIL PROTECTED]
Sent: Friday, December 05, 2008 3:52 PM
To: users@wicket.apache.org
Subject: Re: Thread.sleep() for only one session
But, if you only show the captcha after so many failed logins, wouldn't
that
be okay? You let them try a few times
, December 05, 2008 11:21 AM
To: users@wicket.apache.org
Subject: Re: Thread.sleep() for only one session
You definitely do NOT want to intentionally sleep a thread - that halts
the request, and uses up your thread pool. You instead want the request
to complete, but you don't want to allow them