httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jim Jagielski <>
Subject Re: PR #209 and delays in authentication retry
Date Sun, 30 Mar 1997 15:41:57 GMT
Rodent of Unusual Size wrote:
>     PR#209 complains that, since he uses his system passwd file as his
>     authentication source, Web-based attacks can be mounted on his
>     accounts with no governor.  He wants us to impose a 5-second delay
>     before responding with an authentication failure.
>     I'd like to close this with a "not a chance" reply, but I want to
>     make sure no-one else thinks this is a good idea, or worth
>     considering, first.  Penalising people who mis-spell their
>     passwords, or hit the CAPS-LOCK key, just because this chap uses his
>     system passwd file to limit access surely doesn't sound like The
>     Right Thing(tm) to me..

-1 on the 5-second-delay-because-I'm-a-complete-bonehead patch.

      Jim Jagielski            |       jaguNET Access Services           |
                  "Not the Craw... the CRAW!"

View raw message