Disadvantage is that the server will keep the request processing thread 
occupied during the waiting period. A brute force attack that fires 
multiple requests simultaneously will not be stopped by this and will 
bring the server to its knees even more quickly. So Johan was right, you 
should not do this in the web application.

Now if you start using AsyncWeb it would be quite another story of course...

Regards,
     Erik.


Johannes Fahrenkrug wrote:
> That's not a bad idea... that would mean delaying a response for a 
> second or two _every time_ a false login happens... That would be a 
> rather simple but yet effective solution, too: It would render brute 
> force useless and behave quite similar to the Linux shell login you 
> mentioned....
>   

-- 
Erik van Oosten
http://www.day-to-day-stuff.blogspot.com/
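
The thread-occupation problem described in this message, as an added example that is not part of the original e-mail or of Wicket: a fixed thread pool stands in for the container's request threads, and a delay slept inside the handler is compared with one handed to a timer. The class name, pool size, burst size and delay are constructed values chosen for illustration.

```java
import java.util.concurrent.*;

// Added illustration: a fixed pool stands in for the servlet container's request threads.
public class LoginDelayDemo {
    static final int REQUEST_THREADS = 4;   // assumed size of the request thread pool
    static final int FAILED_LOGINS = 12;    // constructed burst of simultaneous failed logins
    static final long DELAY_MS = 500;       // penalty applied to every failed login

    // Returns how long (ms) a legitimate request waits behind the burst of failed logins.
    static long legitWaitMs(boolean blocking) throws Exception {
        ExecutorService requestPool = Executors.newFixedThreadPool(REQUEST_THREADS);
        ScheduledExecutorService timer = Executors.newSingleThreadScheduledExecutor();
        CountDownLatch answered = new CountDownLatch(FAILED_LOGINS);
        try {
            for (int i = 0; i < FAILED_LOGINS; i++) {
                requestPool.submit(() -> {
                    if (blocking) {
                        // Delay inside the handler: the request thread is held while it sleeps.
                        try {
                            Thread.sleep(DELAY_MS);
                        } catch (InterruptedException e) {
                            Thread.currentThread().interrupt();
                        }
                        answered.countDown();
                    } else {
                        // Delay handed to a timer: the request thread goes back to the pool at once.
                        timer.schedule(answered::countDown, DELAY_MS, TimeUnit.MILLISECONDS);
                    }
                });
            }
            long start = System.nanoTime();
            requestPool.submit(() -> { }).get();   // the legitimate request, queued behind the burst
            long waited = TimeUnit.NANOSECONDS.toMillis(System.nanoTime() - start);
            answered.await();                      // every failed login still received its delayed answer
            return waited;
        } finally {
            requestPool.shutdown();
            timer.shutdown();
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("blocking delay:     legitimate request waited " + legitWaitMs(true) + " ms");
        System.out.println("non-blocking delay: legitimate request waited " + legitWaitMs(false) + " ms");
    }
}
```

With these values the blocking variant keeps the legitimate request waiting for about three delay periods (12 sleeping handlers on 4 threads), while the timer variant answers it almost immediately and still delays every failed login.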


_______________________________________________
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user