Bad idea - some ISPs and proxys would be locked out... cachapta would be solution of choice here.
Regards Korbinian > -----Ursprüngliche Nachricht----- > Von: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Im Auftrag > von Johannes Fahrenkrug > Gesendet: Montag, 6. November 2006 14:01 > An: wicket-user@lists.sourceforge.net > Betreff: [Wicket-user] Prevent Brute Force and the like > > Hi! > > I'd like to prevent brute force attacks on the login page of > my wicket application. What would be the best approach? This > is what I'm thinking about doing: Record when the last > request for the loginpage from a certain IP came in and only > handle the request when at least a second or two have passed. > This would have to be done application wide because when an > attacker uses a tool like cURL a new session is created with > each request. > > So what would you guys suggest? > > - Johannes > > -------------------------------------------------------------- > ----------- > Using Tomcat but need to do more? Need to support web > services, security? > Get stuff done quickly with pre-integrated technology to make > your job easier Download IBM WebSphere Application Server > v.1.0.1 based on Apache Geronimo > http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&; dat=121642 > _______________________________________________ > Wicket-user mailing list > Wicket-user@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/wicket-user > ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
