Another option is to lower the throughput (number of login requests 
handled per minute) for that IP address.
In this case you should probably use Wicket 2 to optimize session usage.

     Erik.


Korbinian Bachl wrote:
> Bad idea - some ISPs and proxies would be locked out... CAPTCHA would be
> the solution of choice here.
>
> Regards
>
> Korbinian
>
>
>   
>> -----Original Message-----
>> From: [EMAIL PROTECTED] 
>> [mailto:[EMAIL PROTECTED] On behalf 
>> of Johannes Fahrenkrug
>> Sent: Monday, 6 November 2006 14:01
>> To: wicket-user@lists.sourceforge.net
>> Subject: [Wicket-user] Prevent Brute Force and the like
>>
>> Hi!
>>
>> I'd like to prevent brute force attacks on the login page of 
>> my wicket application. What would be the best approach? This 
>> is what I'm thinking about doing: Record when the last 
>> request for the login page from a certain IP came in and only 
>> handle the request when at least a second or two have passed.
>> This would have to be done application wide because when an 
>> attacker uses a tool like cURL a new session is created with 
>> each request.
>>
>> So what would you guys suggest?
>>
>> - Johannes
>>
>>     
-- 
Erik van Oosten
http://www.day-to-day-stuff.blogspot.com/
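
The application-wide, per-IP throttle discussed in this thread, as an added example that is not part of the original messages and not Wicket code. The class name `LoginThrottle` and its methods are hypothetical; the caller is assumed to pass the client address (for example from `ServletRequest.getRemoteAddr()`) and to keep one instance for the whole application, since each cURL request starts a new session.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicBoolean;

/** Application-wide login throttle keyed by client IP (hypothetical class, not part of Wicket). */
public final class LoginThrottle {
    private final long minIntervalMillis;
    // Time of the last handled login request per IP; shared by all sessions.
    private final Map<String, Long> lastHandled = new ConcurrentHashMap<>();

    public LoginThrottle(long minIntervalMillis) {
        this.minIntervalMillis = minIntervalMillis;
    }

    /** Returns true if a login request from this IP may be handled at nowMillis. */
    public boolean tryAcquire(String ip, long nowMillis) {
        AtomicBoolean allowed = new AtomicBoolean(false);
        // compute() is atomic per key, so parallel requests from one IP cannot both pass.
        lastHandled.compute(ip, (key, last) -> {
            if (last == null || nowMillis - last >= minIntervalMillis) {
                allowed.set(true);
                return nowMillis;
            }
            // Too soon: keep the old timestamp so the address is slowed down,
            // not held off indefinitely by its own rejected requests.
            return last;
        });
        return allowed.get();
    }

    /** Drops entries that no longer restrict anything so the map stays bounded; call periodically. */
    public void evictExpired(long nowMillis) {
        lastHandled.values().removeIf(last -> nowMillis - last >= minIntervalMillis);
    }

    public static void main(String[] args) {
        LoginThrottle throttle = new LoginThrottle(2000); // two seconds, as in the question
        String ip = "192.0.2.10";                         // constructed sample address
        System.out.println(throttle.tryAcquire(ip, 0));             // first request from this IP
        System.out.println(throttle.tryAcquire(ip, 500));           // same IP, 0.5 s later
        System.out.println(throttle.tryAcquire("192.0.2.11", 500)); // different IP, same moment
        System.out.println(throttle.tryAcquire(ip, 2500));          // same IP, interval elapsed
        throttle.evictExpired(10_000);
    }
}
```

Everyone behind one proxy or ISP gateway shares a single entry here, which is the concern raised in the quoted reply.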

