[OWASP_PHPSEC] Remember Me & Brute Force Lock ?

Azeddine Islam Mennouchi azeddine.mennouchi at owasp.org
Tue Jun 11 13:38:46 UTC 2013


Yes, Captcha is a solution.

Regards Islam,


On Sun, Jun 9, 2013 at 1:01 PM, rahul chaudhary <
rahul300chaudhary400 at gmail.com> wrote:

> After 4-5 locks, introducing captcha is ok?
>
>
> On Sun, Jun 9, 2013 at 6:39 AM, Azeddine Islam Mennouchi <
> azeddine.mennouchi at owasp.org> wrote:
>
>> Hey,
>> For the locking thing:
>> Locking accounts can be used in an abusive way by an attacker; anyone can try
>> to lock hundreds of accounts. Think of alternatives like injecting random
>> pauses in the login process or something.
>>
>> Regards Islam,
>>
>>
>> On Sun, Jun 9, 2013 at 10:39 AM, rahul chaudhary <
>> rahul300chaudhary400 at gmail.com> wrote:
>>
>>> Hello Guys,
>>>
>>> I am having trouble thinking how to enforce the "remember me"
>>> functionality and "brute-force locking" functionality in the best way.
>>>
>>> I have not researched enough but I thought this place would be faster to
>>> get answers. :)
>>>
>>> --
>>> Regards,
>>> Rahul Chaudhary
>>> Ph - 412-519-9634
>>>
>>>
>>
>>
>> --
>> Islam Azeddine Mennouchi
>> Consultant at NovaSup
>> http://www.novasup.com/
>> OWASP ALGERIA Chapter Leader
>> phone n°: +213796314102
>>
>
>
>
> --
> Regards,
> Rahul Chaudhary
> Ph - 412-519-9634
>



-- 
Islam Azeddine Mennouchi
Consultant at NovaSup
http://www.novasup.com/
OWASP ALGERIA Chapter Leader
phone n°: +213796314102
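
The approach discussed in this thread (random pauses instead of hard account locks, with a CAPTCHA after repeated failures), as an added example that is not part of the original messages or of the OWASP PHPSEC code. The `LoginThrottle` class, its thresholds and the in-memory store are assumptions made for illustration.

```php
<?php
// Added example: slow down failed logins without ever hard-locking the account,
// so an attacker cannot lock other users out. The array stands in for a DB/cache table.
final class LoginThrottle
{
    private const CAPTCHA_AFTER = 5;    // assumed threshold (the thread mentions 4-5)
    private const MAX_DELAY_MS  = 8000; // cap keeps the real user able to log in
    /** @var array<string, int> failed attempts per account name */
    private array $failures = [];

    public function recordFailure(string $account): void
    {
        $key = strtolower($account);
        $this->failures[$key] = ($this->failures[$key] ?? 0) + 1;
    }

    public function recordSuccess(string $account): void
    {
        unset($this->failures[strtolower($account)]);
    }

    /** Pause to apply before checking the password, in milliseconds. */
    public function delayMs(string $account): int
    {
        $n = $this->failures[strtolower($account)] ?? 0;
        if ($n === 0) {
            return 0;
        }
        // Doubling base (250 ms, 500 ms, ...) plus random jitter, capped.
        $base = min(self::MAX_DELAY_MS, 250 * (2 ** min($n - 1, 10)));
        return min(self::MAX_DELAY_MS, $base + random_int(0, 250));
    }

    public function captchaRequired(string $account): bool
    {
        return ($this->failures[strtolower($account)] ?? 0) >= self::CAPTCHA_AFTER;
    }
}

// Constructed demo: six wrong passwords against one account.
$throttle = new LoginThrottle();
for ($i = 1; $i <= 6; $i++) {
    $throttle->recordFailure('alice');
    printf("failure %d: delay %d ms, captcha %s\n", $i, $throttle->delayMs('alice'),
        $throttle->captchaRequired('alice') ? 'yes' : 'no');
}
$throttle->recordSuccess('alice'); // a correct login clears the counter
// In the login handler: usleep($throttle->delayMs($user) * 1000) before verifying.
```

Keep the counters server-side, keyed by account name, rather than in the session, since the client controls its own session cookie.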