[OWASP_PHPSEC] Remember Me & Brute Force Lock ?

Azeddine Islam Mennouchi azeddine.mennouchi at owasp.org
Sun Jun 9 10:39:32 UTC 2013


Hey,
For the locking thing
Locking account can be used in abusive way by an attacker any one can try
to lock hundred of account think of alternatives like injecting random
pauses in the login procces or somthing

Regards Islam,


On Sun, Jun 9, 2013 at 10:39 AM, rahul chaudhary <
rahul300chaudhary400 at gmail.com> wrote:

> Hello Guys,
>
> I am having trouble thinking how to enforce the "remember me"
> functionality and "brute-force locking" functionality in the best way.
>
> I have not researched enough but I thought this place would be faster to
> get answers. :)
>
> --
> Regards,
> Rahul Chaudhary
> Ph - 412-519-9634
>
> _______________________________________________
> OWASP_PHP_Security_Project mailing list
> OWASP_PHP_Security_Project at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp_php_security_project
>
>


-- 
Islam Azeddine Mennouchi
Consultant at NovaSup
http://www.novasup.com/
OWASP ALGERIA Chapter Leader
phone n°: +213796314102
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp_php_security_project/attachments/20130609/3a228783/attachment.html>


More information about the OWASP_PHP_Security_Project mailing list