[OWASP_PHPSEC] Remember Me & Brute Force Lock ?

rahul chaudhary rahul300chaudhary400 at gmail.com
Sun Jun 9 11:01:26 UTC 2013


After 4-5 locks, is introducing a CAPTCHA OK?


On Sun, Jun 9, 2013 at 6:39 AM, Azeddine Islam Mennouchi <
azeddine.mennouchi at owasp.org> wrote:

> Hey,
> For the locking thing:
> Locking accounts can be used in an abusive way by an attacker; anyone can try
> to lock hundreds of accounts. Think of alternatives like injecting random
> pauses in the login process or something.
>
> Regards Islam,
>
>
> On Sun, Jun 9, 2013 at 10:39 AM, rahul chaudhary <
> rahul300chaudhary400 at gmail.com> wrote:
>
>> Hello Guys,
>>
>> I am having trouble thinking how to enforce the "remember me"
>> functionality and "brute-force locking" functionality in the best way.
>>
>> I have not researched enough but I thought this place would be faster to
>> get answers. :)
>>
>> --
>> Regards,
>> Rahul Chaudhary
>> Ph - 412-519-9634
>>
>> _______________________________________________
>> OWASP_PHP_Security_Project mailing list
>> OWASP_PHP_Security_Project at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp_php_security_project
>>
>>
>
>
> --
> Islam Azeddine Mennouchi
> Consultant at NovaSup
> http://www.novasup.com/
> OWASP ALGERIA Chapter Leader
> phone n°: +213796314102
>



-- 
Regards,
Rahul Chaudhary
Ph - 412-519-9634
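
Added example, not part of the original messages or of the OWASP project's code: one way to combine the two suggestions in this thread, using capped, jittered pauses instead of a hard account lock and a CAPTCHA after repeated failures. The class name, thresholds and in-memory store are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: names, thresholds and the array store are assumptions.
final class LoginThrottle
{
    private const CAPTCHA_AFTER = 5;    // failures before a CAPTCHA is demanded
    private const MAX_DELAY_MS  = 8000; // capped, so the owner is never locked out
    private const WINDOW_SEC    = 900;  // older failures no longer count
    private array $failures = [];       // account name => list of failure timestamps

    public function recordFailure(string $account, int $now): void
    {
        $this->failures[$account][] = $now;
    }

    public function recordSuccess(string $account): void
    {
        unset($this->failures[$account]);
    }

    private function recentFailures(string $account, int $now): int
    {
        $recent = array_filter($this->failures[$account] ?? [],
            fn (int $t): bool => $now - $t < self::WINDOW_SEC);
        return count($recent);
    }

    // Pause to enforce before the next password check: doubles per failure, plus jitter.
    public function delayMs(string $account, int $now): int
    {
        $n = $this->recentFailures($account, $now);
        if ($n === 0) {
            return 0;
        }
        $base = min(self::MAX_DELAY_MS, 250 * (2 ** min($n, 10)));
        return $base + random_int(0, 250);
    }

    public function captchaRequired(string $account, int $now): bool
    {
        return $this->recentFailures($account, $now) >= self::CAPTCHA_AFTER;
    }
}

// Constructed demo: six failed attempts against one account.
$throttle = new LoginThrottle();
$now = time();
for ($i = 1; $i <= 6; $i++) {
    $throttle->recordFailure('alice', $now);
    printf("failure %d: delay=%dms captcha=%s\n", $i, $throttle->delayMs('alice', $now),
        $throttle->captchaRequired('alice', $now) ? 'yes' : 'no');
}
```

Because the delay is capped rather than turned into a lock, someone who deliberately fails logins against many accounts slows those logins down but cannot shut their owners out.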