I guess that depends... I think you have to let the web application handle it if you want to prevent brute-force dictionary attacks on the login page only. Especially if you want to do this on a per-username basis or even use CAPTCHAs (thanks Pierre-Yves). I don't think the hardware or the server software could handle this, or am I wrong?

- Johannes

Johan Compagner wrote:
> Isn't this more the responsibility of the hardware/software that runs
> Wicket?
> So Apache or WebLogic itself? That does the throttling?
> I wouldn't try to solve this in a web application.
>
> johan
>
> On 11/6/06, *Johannes Fahrenkrug* <[EMAIL PROTECTED]> wrote:
>
> > Hi!
> >
> > I'd like to prevent brute force attacks on the login page of my Wicket
> > application. What would be the best approach? This is what I'm thinking
> > about doing: Record when the last request for the login page from a
> > certain IP came in and only handle the request when at least a second or
> > two have passed.
> > This would have to be done application wide because when an attacker
> > uses a tool like cURL a new session is created with each request.
> >
> > So what would you guys suggest?
> >
> > - Johannes
> >
> > _______________________________________________
> > Wicket-user mailing list
> > Wicket-user@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/wicket-user
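
The approach discussed in this thread, as an added example that is not code from any of the posters or from Wicket: one application-scoped object enforces the minimum interval per client IP from the original question and a failure limit per username from the reply. The class name `LoginThrottle`, the limits, and the sample addresses are assumptions chosen for illustration.

```java
import java.util.Locale;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;

/** Hypothetical throttle; keep ONE instance per application, never per session. */
public final class LoginThrottle {
    private static final long MIN_INTERVAL_MS = 2_000;     // "a second or two" between attempts per IP
    private static final int MAX_FAILURES = 5;             // assumed per-username limit
    private static final long WINDOW_MS = 15 * 60 * 1000L; // assumed failure window

    // Entries are never evicted in this sketch; a deployment needs expiry to bound memory.
    private final ConcurrentMap<String, Long> lastAttemptByIp = new ConcurrentHashMap<>();
    // value = {failure count, time of the first failure in the current window}
    private final ConcurrentMap<String, long[]> failuresByUser = new ConcurrentHashMap<>();

    /** True if this attempt may go on to the password check. */
    public boolean allow(String ip, String username, long nowMs) {
        // Every attempt, allowed or not, restarts the per-IP timer.
        Long previous = lastAttemptByIp.put(ip, nowMs);
        if (previous != null && nowMs - previous < MIN_INTERVAL_MS) {
            return false;
        }
        long[] f = failuresByUser.get(normalize(username));
        return f == null || f[0] < MAX_FAILURES || nowMs - f[1] >= WINDOW_MS;
    }

    /** Call after a wrong password; starts a new window once the old one has expired. */
    public void recordFailure(String username, long nowMs) {
        failuresByUser.compute(normalize(username), (user, f) ->
            (f == null || nowMs - f[1] >= WINDOW_MS)
                ? new long[] {1, nowMs}
                : new long[] {f[0] + 1, f[1]});
    }

    /** Call after a successful login to clear the counter. */
    public void recordSuccess(String username) {
        failuresByUser.remove(normalize(username));
    }

    private static String normalize(String username) {
        return username.trim().toLowerCase(Locale.ROOT);
    }

    public static void main(String[] args) {
        LoginThrottle t = new LoginThrottle(); // constructed sample data below
        System.out.println(t.allow("198.51.100.7", "alice", 0));     // first attempt from this IP
        System.out.println(t.allow("198.51.100.7", "alice", 500));   // 0.5 s later, same IP
        for (int i = 0; i < 5; i++) t.recordFailure("alice", 3_000 + i);
        System.out.println(t.allow("203.0.113.9", "Alice", 10_000)); // new IP, same username
    }
}
```

A per-username limit lets anyone who knows a username lock that account out, which is one reason to answer a tripped limit with a CAPTCHA rather than a hard block. Behind a reverse proxy or load balancer the address the container sees is the proxy's, so the per-IP key must come from a header set by a proxy you trust.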