On Thu Dec 17 15:48:14 2009, Jonathan Dickinson wrote:
Sorry for not conforming to the list standards, I am on my mobile.
Logins taking a long time is advantageous, remember we are not a
primitive/chatty protocol like HTTP; so burning CPU cycles during a
login is a VERY small problem; people often forget that we are not
in the same realm of HTTP. The advantage mentioned is that: more
time to verify a password = less brute operations per second = more
time for an admin to notice.
And so much easier to DOS a server without having to have an account
on it.
Really, advantageous all round.
Dave.
--
Dave Cridland - mailto:[email protected] - xmpp:[email protected]
- acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
- http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
_______________________________________________
JDev mailing list
Forum: http://www.jabberforum.org/forumdisplay.php?f=20
Info: http://mail.jabber.org/mailman/listinfo/jdev
Unsubscribe: [email protected]
_______________________________________________
