httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jim Jagielski <...@jaguNET.com>
Subject Re: PR #209 and delays in authentication retry
Date Sun, 30 Mar 1997 15:41:57 GMT
Rodent of Unusual Size wrote:
> 
>     PR#209 complains that, since he uses his system passwd file as his
>     authentication source, Web-based attacks can be mounted on his
>     accounts with no governor.  He wants us to impose a 5-second delay
>     before responding with an authentication failure.
> 
>     I'd like to close this with a "not a chance" reply, but I want to
>     make sure no-one else thinks this is a good idea, or worth
>     considering, first.  Penalising people who mis-spell their
>     passwords, or hit the CAPS-LOCK key, just because this chap uses his
>     system passwd file to limit access surely doesn't sound like The
>     Right Thing(tm) to me..
> 

-1 on the 5-second-delay-because-I'm-a-complete-bonehead patch.

-- 
====================================================================
      Jim Jagielski            |       jaguNET Access Services
     jim@jaguNET.com           |       http://www.jaguNET.com/
                  "Not the Craw... the CRAW!"

Mime
View raw message