(This is in principle a language-agnostic question, though in my case I am using ASP.NET 3.5)
I am using the standard ASP.NET login control and would like to impleme
Jeff Atwood mentioned another approach: Rather than locking an account after a number of attempts, increase the time until another login attempt is allowed:
1st failed login: no delay
2nd failed login: 2 sec delay
3rd failed login: 4 sec delay
4th failed login: 8 sec delay
5th failed login: 16 sec delay
That would reduce the risk that this protection measure can be abused for denial of service attacks.
See http://www.codinghorror.com/blog/archives/001206.html
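
The delay schedule above as an added example, not part of the original post or the linked article, written in Python because the question is language-agnostic. The `LoginThrottle` class, its method names, the in-memory dictionary and the `max_delay` cap are assumptions made for illustration; a real deployment would keep the counters in a store shared by all web servers.

```python
import time

class LoginThrottle:
    """Per-account back-off: the Nth consecutive failure (N >= 2)
    imposes a delay of 2**(N-1) seconds, as in the table above."""

    def __init__(self, max_delay=900, clock=time.monotonic):
        self.max_delay = max_delay   # assumed cap; the post does not give one
        self.clock = clock           # injectable so the schedule can be tested
        self._state = {}             # username -> (failures, next_allowed_at)

    @staticmethod
    def _key(username):
        # "Alice" and "alice " must share one counter
        return username.strip().lower()

    def delay_for(self, failures):
        """Seconds to wait after this many consecutive failures."""
        if failures < 2:
            return 0
        return min(2 ** (failures - 1), self.max_delay)

    def retry_after(self, username):
        """Seconds until the next attempt is accepted (0 means go ahead)."""
        _, next_allowed = self._state.get(self._key(username), (0, 0.0))
        return max(0.0, next_allowed - self.clock())

    def attempt(self, username, verify):
        """verify is a zero-argument callable returning True on a correct
        password. Returns (authenticated, wait_seconds). Inside a delay
        window verify is never called, so even a correct guess is refused
        and guessing faster gains nothing."""
        wait = self.retry_after(username)
        if wait > 0:
            return False, wait
        key = self._key(username)
        if verify():
            self._state.pop(key, None)   # success resets the counter
            return True, 0.0
        failures = self._state.get(key, (0, 0.0))[0] + 1
        delay = self.delay_for(failures)
        self._state[key] = (failures, self.clock() + delay)
        return False, float(delay)
```

Because the account is never locked outright, the legitimate user can always log in once the current delay has passed, and a successful login clears the counter.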