[OWASP_PHPSEC] Remember Me & Brute Force Lock ?
rahul300chaudhary400 at gmail.com
Sun Jun 9 11:01:26 UTC 2013
After 4-5 locks, is introducing a captcha OK?
On Sun, Jun 9, 2013 at 6:39 AM, Azeddine Islam Mennouchi <
azeddine.mennouchi at owasp.org> wrote:
> For the locking thing:
> Locking accounts can be used in an abusive way by an attacker; anyone can try
> to lock hundreds of accounts. Think of alternatives like injecting random
> pauses in the login process or something.
> Regards, Islam
> On Sun, Jun 9, 2013 at 10:39 AM, rahul chaudhary <
> rahul300chaudhary400 at gmail.com> wrote:
>> Hello Guys,
>> I am having trouble thinking how to enforce the "remember me"
>> functionality and "brute-force locking" functionality in the best way.
>> I have not researched enough but I thought this place would be faster to
>> get answers. :)
>> Rahul Chaudhary
>> Ph - 412-519-9634
> Islam Azeddine Mennouchi
> Consultant at NovaSup
> OWASP ALGERIA Chapter Leader
> phone n°: +213796314102
Ph - 412-519-9634
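
The alternative discussed in this thread (growing, randomized pauses plus a captcha after repeated failures, with no account lock for an attacker to trigger) could look like the following. This is an added example, not code from the thread or from the OWASP PHP Security Project; the class name, thresholds and in-memory array are assumptions.

```php
<?php
// Added example (PHP 7.4+): jittered, growing pauses and a CAPTCHA requirement
// instead of an account lock. Assumptions: illustrative thresholds; the array
// stands in for a shared store (database or cache) keyed by account name.
final class LoginThrottle
{
    private const CAPTCHA_AFTER = 5;    // recent failures before a CAPTCHA is required
    private const BASE_DELAY_MS = 250;  // pause after the first failure
    private const MAX_DELAY_MS  = 8000; // cap, so the real owner is slowed but never shut out
    private const JITTER_MS     = 500;  // random component added to every pause
    private const WINDOW_SEC    = 900;  // failures older than this are forgotten
    private array $failures = [];       // account => timestamps of recent failures

    public function recordFailure(string $account, int $now): void
    {
        $this->failures[$account] = $this->recent($account, $now);
        $this->failures[$account][] = $now;
    }

    public function recordSuccess(string $account): void
    {
        unset($this->failures[$account]);
    }

    private function recent(string $account, int $now): array
    {
        $all = $this->failures[$account] ?? [];
        return array_values(array_filter($all, fn (int $t): bool => $now - $t < self::WINDOW_SEC));
    }

    public function captchaRequired(string $account, int $now): bool
    {
        return count($this->recent($account, $now)) >= self::CAPTCHA_AFTER;
    }

    // Pause, in milliseconds, to apply before evaluating the next attempt.
    public function delayMs(string $account, int $now): int
    {
        $n = count($this->recent($account, $now));
        if ($n === 0) {
            return 0;
        }
        $base = min(self::MAX_DELAY_MS, self::BASE_DELAY_MS << min($n - 1, 16));
        return $base + random_int(0, self::JITTER_MS);
    }
}

// Constructed run: six wrong passwords for one account, one second apart.
$throttle = new LoginThrottle();
foreach (range(1, 6) as $i) { $throttle->recordFailure('alice', 1000 + $i); }
var_dump($throttle->captchaRequired('alice', 1007), $throttle->delayMs('alice', 1007));
```

Because the pause is capped and the counter expires, someone hammering many account names can slow those logins and force a captcha, but cannot lock their owners out.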