> On 6 Sep 2019, at 16:50, Eric Naujock <e...@mac-cafe.com> wrote: > >>> >>> 4. No account lockouts for fail authentication attempts. An attacker >>> can just continuously try usernames and passwords indefinitely. >> the only workaround is to have to write your own login dialog. >> I do not know if this is viable for iOS or web based access. > > Yep, That is a definite roll your own. But if you want to be seriously > considered in this day and age with a security focused department you best > have this as an option. 4D is using BCrypt algorithm which is slow by design to hash the password. More about it : https://en.wikipedia.org/wiki/Bcrypt There is a 4D function and a 4D command that can be used to change the current user and validate a password : - Validate password - CHANGE CURRENT USER The command execution of both are delayed to prevent flooding (brute force attack). As a result, after the 4th call to these commands, it is run only after a period of 10 seconds. This delay is throughout the entire work station. So brute force is not really a big issue here ! Maurice Inzirillo -- AJAR S.A. https://ch-fr.4d.com twitter: ajar_info Tél : +41 (0)323422684 ********************************************************************** 4D Internet Users Group (4D iNUG) Archive: http://lists.4d.com/archives.html Options: https://lists.4d.com/mailman/options/4d_tech Unsub: mailto:4d_tech-unsubscr...@lists.4d.com **********************************************************************
Re: 4D authentication system that allow for stronger security.
Maurice Inzirillo - AJAR via 4D_Tech Fri, 06 Sep 2019 08:25:19 -0700
- Re: 4D authentication system that all... Jeffrey Kain via 4D_Tech
- Re: 4D authentication system tha... Jörg Knebel via 4D_Tech
- Re: 4D authentication system... Tom Benedict via 4D_Tech
- Re: 4D authentication sy... Jeffrey Kain via 4D_Tech
- Re: 4D authentication system that all... Jörg Knebel via 4D_Tech
- Re: 4D authentication system tha... Eric Naujock via 4D_Tech
- Re: 4D authentication system that all... Maurice Inzirillo - AJAR via 4D_Tech
- Re: 4D authentication system tha... Eric Naujock via 4D_Tech
- Re: 4D authentication system... Chip Scheide via 4D_Tech
- Re: 4D authentication sy... Eric Naujock via 4D_Tech
- Re: 4D authenticatio... Maurice Inzirillo - AJAR via 4D_Tech
- Re: 4D authenticatio... Chip Scheide via 4D_Tech
- Re: 4D authenti... Eric Naujock via 4D_Tech
- Re: 4D authentication system... Kirk Brooks via 4D_Tech
- Re: 4D authentication system... Jody Bevan via 4D_Tech
- Re: 4D authentication system that all... Kirk Brooks via 4D_Tech
- Re: 4D authentication system that all... Tim Nevels via 4D_Tech
- Re: 4D authentication system tha... Tom Benedict via 4D_Tech