Thanks for these suggestions - very clever. I don't suppose there's any
performance difference between using this cfscript or the exclusive
deadlock method posted as well... Both would only affect the current
request yeah (if the cflock name was unique for each request that is)?

And I need to delay after *each* failed attempt because different
username and password combinations could be attempted. I guess it's
unlikely, but if you make any type of automated attack too inconvenient
the script kiddies will move on to the next target.

Kay.


"Jared Clinton" <[EMAIL PROTECTED]> wrote:
> Kay,
> 
> If you search this list's archive, this article shows how to delay
> execution:
> 
> http://www.mail-archive.com/cf-talk@houseoffusion.com/msg69317.html
> 
> 
> ---------snip--------
> 
> <CFSET started = now()>
> <!--- set the number of seconds to wait --->
> <CFSET finished = DateAdd("s", 3, now())>
> 
> <CFSCRIPT>
> x = 1;
> // re-set the initial var to now() until it catches up with the number of seconds to wait
> while (DateCompare(started, finished, "s") LTE 0) {
>         started = now();
>         //writeoutput(x & "... still waiting <br />");
>         //x = IncrementValue(x);
> }
> </CFSCRIPT>
> 
> ---------end snip----
> 
> Although, wouldn't it be better to return the response immediately and
> in some permanent storage remove/disable the login for X amount of
> seconds?
> 
> Jared Clinton
> NEC Australia
> 
> -----Original Message-----
> From: Kay Smoljak [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, 12 February 2002 1:47 PM
> To: CF-Talk
> Subject: Pausing execution
> 
> 
> I have a password system that requires a two second delay after a
> failed password attempt, to foil brute force automated cracking attempts.
> There's two tags in the developers exchange - CFX_Sleep and CF_aSleep.
> 
> CFX_Sleep is free, but I don't really want to go to the bother of 
> getting a CFX installed on shared hosting.
> 
> CF_aSleep is $5, and claims: "Will delay execution of the current 
> template for specified number of seconds by TRUE BLOCKING of the 
> current request, as opposed to looping, or doing some useless job. Tag
> WILL CONSUME MINIMAL SYSTEM RESOURCES while sleeping."
> 
> Has anyone used this tag? I don't mind forking out the $5 (actually 
> $10 in Australian pesos) but does it really work? Does anyone have a 
> better way of delaying the user for a certain amount of time?
> 
> Thanks,
> Kay.
> ______________________________________________________
> Kay Smoljak - ColdFusion Developer - PerthWeb Pty Ltd 
>   
> Level 9/105 St George's Terrace - Perth - Western Australia
> Ph: (08) 9226 1366 Fax: (08) 9226 1375 www.perthweb.com.au
> 
> http://developer.perthweb.com.au - Tools for Developers cfx_pwcamtech 
> | cfx_pwimageproc | cfx_pwcardcyrpt
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
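
The alternative raised in the quoted reply (answer immediately and disable the login for a few seconds in storage, rather than holding the request in a loop), combined with the point that each failed attempt may use a different username, as an added example that is not part of the original thread. It assumes a current CFML engine (Adobe ColdFusion or Lucee); every function and variable name is hypothetical, and the application scope stands in for a database table.

```cfml
<cfscript>
// Added example, not code from the thread; all names are hypothetical.
// application.loginBlocks stands in for the "permanent storage" (a database table in production).
blockSeconds = 2; // the two-second penalty from the original question
if (!structKeyExists(application, "loginBlocks")) { application.loginBlocks = {}; }

function throttleKeys(required string username, required string clientIp) {
    // Key on the account AND the source address, so an attacker who varies
    // the username on every attempt is still slowed by the address entry.
    return ["user:" & lCase(trim(username)), "ip:" & clientIp];
}

function isBlocked(required array keys) {
    var k = "";
    var blocked = false;
    lock name="loginThrottle" type="readonly" timeout="5" {
        for (k in keys) {
            if (structKeyExists(application.loginBlocks, k)
                && dateCompare(now(), application.loginBlocks[k]) < 0) {
                blocked = true; // now() is still earlier than the stored release time
            }
        }
    }
    return blocked;
}

function recordFailure(required array keys, required numeric seconds) {
    var k = "";
    lock name="loginThrottle" type="exclusive" timeout="5" {
        for (k in keys) {
            application.loginBlocks[k] = dateAdd("s", seconds, now());
        }
    }
}

// verify is a function reference: verify(username, password) returns true/false.
function attemptLogin(required string username, required string password,
                      required string clientIp, required any verify) {
    var keys = throttleKeys(username, clientIp);
    if (isBlocked(keys)) {
        return "retry-later"; // answered at once; the password is never checked
    }
    if (verify(username, password)) {
        return "ok";
    }
    recordFailure(keys, blockSeconds);
    return "failed";
}
</cfscript>
```

A login handler would call `attemptLogin(form.username, form.password, cgi.remote_addr, checkPassword)` with its own `checkPassword` function; expired entries are ignored by the timestamp comparison but should be purged periodically so the struct does not grow without bound.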