hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Joerg Bullmann" ...@heilancoo.net>
Subject Delaying response generation (for failed login attempts)
Date Thu, 16 Apr 2009 11:48:37 GMT
Hi all,

Say I have some kind of login mechansim of a web application. I would like to insert an artificial
delay of 5 or 10 seconds in case the login fails (due to wrong password or user name) to make
it a tad more awkward for poeople to break in using the brute force method.

Now all I want to do is slow down that connection. How do I do this with the least impact
on the overall system? I don't just want the worker thread dealing with this request to sleep
because that effectively blocks it and thus has an impact on the rest. I am using HTTP Core
NIO.

Which would be a good approach? I have looked at lots of the example code before, but do not
remember this kind of thing being mentioned.

I am asking because I would like to add this feature in the Little Portal Gizmo <http://lipog.sourceforge.net>.

Any pointers?

Cheers,
Joerg


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


Mime
View raw message