[OWASP_PHPSEC] Remember Me & Brute Force Lock ?
Azeddine Islam Mennouchi
azeddine.mennouchi at owasp.org
Sun Jun 9 10:39:32 UTC 2013
For the locking thing
Locking account can be used in abusive way by an attacker any one can try
to lock hundred of account think of alternatives like injecting random
pauses in the login procces or somthing
On Sun, Jun 9, 2013 at 10:39 AM, rahul chaudhary <
rahul300chaudhary400 at gmail.com> wrote:
> Hello Guys,
> I am having trouble thinking how to enforce the "remember me"
> functionality and "brute-force locking" functionality in the best way.
> I have not researched enough but I thought this place would be faster to
> get answers. :)
> Rahul Chaudhary
> Ph - 412-519-9634
> OWASP_PHP_Security_Project mailing list
> OWASP_PHP_Security_Project at lists.owasp.org
Islam Azeddine Mennouchi
Consultant at NovaSup
OWASP ALGERIA Chapter Leader
phone n°: +213796314102
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OWASP_PHP_Security_Project