Esmond,

On 4/11/13 8:43 PM, Esmond Pitt wrote:
> I referred to the OpenLDAP lockout mechanism, which is not at all
> primitive.

How does OpenLDAP do better than Tomcat?

If I make repeated (failed) login attempts against a single user, can I cause them to be locked-out? DOS.

Does OpenLDAP track the IP address(es) of the authentication attempts? (Tomcat would have to furnish that information via LDAP, which I don't believe it does). If it does cache them, I can hit you from many different IP addresses. D/DOS.

If it's got a limited cache, I can game the cache by making of attempts, get locked-out, then purge myself from your cache by hitting you with other requests.

Tomcat does an adequate job of mitigating casual break-in attempts. Really good protection is difficult and often still not sufficient because the bad guys always have the advantage.

>> Would you be willing to review the Tomcat documentation on
>> "securing Tomcat" and make a few comments? It could always use
>> some additional tips:
>
> Sure, will do.

Great!
-chris
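The "limited cache" weakness raised in the mail above, modelled as an added example (not code from the thread, from Tomcat's LockOutRealm, or from OpenLDAP): a hypothetical bounded, LRU-ordered failed-login tracker whose oldest entry is evicted when the cache fills, so a locked-out name can be flushed by failures against other names, beside a variant that refuses to evict entries that are currently locked. The class name, parameters and sample usernames are constructed for the demonstration.

```python
from collections import OrderedDict


class LockoutTracker:
    """Hypothetical failed-login cache; not the real Tomcat implementation."""

    def __init__(self, failure_count=3, cache_size=100, pin_locked=False):
        self.failure_count = failure_count   # failures before a user is locked
        self.cache_size = cache_size         # max tracked usernames
        self.pin_locked = pin_locked         # keep locked users from being evicted
        self.failures = OrderedDict()        # username -> failure count, LRU order

    def is_locked(self, user):
        return self.failures.get(user, 0) >= self.failure_count

    def record_failure(self, user):
        # pop + reinsert moves the user to the most-recently-used end
        self.failures[user] = self.failures.pop(user, 0) + 1
        while len(self.failures) > self.cache_size:
            self._evict_one()

    def record_success(self, user):
        self.failures.pop(user, None)

    def _evict_one(self):
        # Oldest entry first; with pin_locked, skip users who are still locked.
        victim = next((u for u in self.failures
                       if not (self.pin_locked and self.is_locked(u))), None)
        if victim is None:
            # Every entry is a pinned lock: drop the oldest anyway to bound memory.
            victim = next(iter(self.failures))
        del self.failures[victim]


def eviction_demo(pin_locked):
    """Lock 'alice', then fill the cache with failures for other names.

    Returns (locked before the flood, locked after the flood)."""
    tracker = LockoutTracker(failure_count=3, cache_size=5, pin_locked=pin_locked)
    for _ in range(3):
        tracker.record_failure("alice")
    locked_before = tracker.is_locked("alice")
    for i in range(5):                       # five unrelated names overflow a cache of 5
        tracker.record_failure(f"noise{i}")
    return locked_before, tracker.is_locked("alice")
```

With `pin_locked=False` the flood evicts alice's lock; with `pin_locked=True` the lock survives, at the cost that an attacker filling the cache with locked names still forces the oldest lock out, so a lock expiry time is needed as well.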