Hi! I'd like to prevent brute force attacks on the login page of my wicket application. What would be the best approach? This is what I'm thinking about doing: Record when the last request for the loginpage from a certain IP came in and only handle the request when at least a second or two have passed. This would have to be done application wide because when an attacker uses a tool like cURL a new session is created with each request.
So what would you guys suggest? - Johannes ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user