Hi!

I'd like to prevent brute force attacks on the login page of my wicket 
application. What would be the best approach? This is what I'm thinking 
about doing: Record when the last request for the loginpage from a 
certain IP came in and only handle the request when at least a second or 
two have passed.
This would have to be done application wide because when an attacker 
uses a tool like cURL a new session is created with each request.

So what would you guys suggest?

- Johannes

-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Reply via email to