Thread.sleep() for only one session

2008-12-05 Thread Anton Veretennikov
Hello all Wicket users. One more question today. I need to implement appearence of sleep if user (session, IP address) tries incorrect login many times. Thread.sleep() seems to stop all sessions at once. Any ideas? Thank you! -

Re: Thread.sleep() for only one session

2008-12-05 Thread Jeremy Thomerson
You definitely do NOT want to intentionally sleep a thread - that halts the request, and uses up your thread pool. You instead want the request to complete, but you don't want to allow them to continue trying. So, that being said, you could: 1 - add a value to their session like private long

Re: Thread.sleep() for only one session

2008-12-05 Thread Maarten Bosteels
If you're trying to defend against a brute-force password guessing attack, you could add a captcha to your logon form after x failed login attempts from one IP address. Maarten On Fri, Dec 5, 2008 at 5:20 PM, Jeremy Thomerson [EMAIL PROTECTED]wrote: You definitely do NOT want to intentionally

Re: Thread.sleep() for only one session

2008-12-05 Thread Anton Veretennikov
Thank you for valuable information! Tony. On Sat, Dec 6, 2008 at 12:36 AM, Maarten Bosteels [EMAIL PROTECTED] wrote: If you're trying to defend against a brute-force password guessing attack, you could add a captcha to your logon form after x failed login attempts from one IP address.

RE: Thread.sleep() for only one session

2008-12-05 Thread Bruno Cesar Borges
PROTECTED] Sent: Friday, December 05, 2008 3:37 PM To: users@wicket.apache.org Subject: Re: Thread.sleep() for only one session If you're trying to defend against a brute-force password guessing attack, you could add a captcha to your logon form after x failed login attempts from one IP address

Re: Thread.sleep() for only one session

2008-12-05 Thread James Carman
, 2008 3:37 PM To: users@wicket.apache.org Subject: Re: Thread.sleep() for only one session If you're trying to defend against a brute-force password guessing attack, you could add a captcha to your logon form after x failed login attempts from one IP address. Maarten On Fri, Dec 5, 2008 at 5

RE: Thread.sleep() for only one session

2008-12-05 Thread Bruno Cesar Borges
Indeed. -Original Message- From: James Carman [mailto:[EMAIL PROTECTED] Sent: Friday, December 05, 2008 3:52 PM To: users@wicket.apache.org Subject: Re: Thread.sleep() for only one session But, if you only show the captcha after so many failed logins, wouldn't that be okay? You let

Re: Thread.sleep() for only one session

2008-12-05 Thread James Carman
- From: James Carman [mailto:[EMAIL PROTECTED] Sent: Friday, December 05, 2008 3:52 PM To: users@wicket.apache.org Subject: Re: Thread.sleep() for only one session But, if you only show the captcha after so many failed logins, wouldn't that be okay? You let them try a few times

RE: Thread.sleep() for only one session

2008-12-05 Thread Hoover, William
, December 05, 2008 11:21 AM To: users@wicket.apache.org Subject: Re: Thread.sleep() for only one session You definitely do NOT want to intentionally sleep a thread - that halts the request, and uses up your thread pool. You instead want the request to complete, but you don't want to allow them