httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From (Rodent of Unusual Size)
Subject PR #209 and delays in authentication retry
Date Sun, 30 Mar 1997 14:33:48 GMT
    PR#209 complains that, since he uses his system passwd file as his
    authentication source, Web-based attacks can be mounted on his
    accounts with no governor.  He wants us to impose a 5-second delay
    before responding with an authentication failure.

    I'd like to close this with a "not a chance" reply, but I want to
    make sure no-one else thinks this is a good idea, or worth
    considering, first.  Penalising people who mis-spell their
    passwords, or hit the CAPS-LOCK key, just because this chap uses his
    system passwd file to limit access surely doesn't sound like The
    Right Thing(tm) to me..

    #ken    :-/}

View raw message