[OWASP_PHPSEC] isBruteForce ?

Shivam Dixit shivamd001 at gmail.com
Mon Sep 2 14:41:34 UTC 2013


Hello,

I have posted the issue on the GitHub issue list. I have also made an attempt
to patch the issue and made a pull request on GitHub. I am not certain
about the values of the constants "bruteForceLockTimePeriod" and
"bruteForceLockAttemptTotalTime" as *I don't have stats*. Please give your
opinions on the values of the constants mentioned above.

https://github.com/OWASP/phpsec/pull/64

According to my definition, firstly we will check if the time between two
consecutive requests is less than *bruteForceLockTimePeriod*; if so, it will
be brute force. Secondly, I am testing that if the total number of requests is
more than or equal to *bruteForceLockAttempts* and the time is less than
*bruteForceLockAttemptTotalTime* (I have introduced this variable), then also
it will be brute force. So we are handling both the situations separately.

Please correct me if I am thinking wrong.

On Mon, Sep 2, 2013 at 5:48 PM, Abbas Naderi <abiusx at owasp.org> wrote:

> It must be wrong then. File an issue in GitHub for Rahul to deal with it.
> -A
>
>
*Cheers,*
*Shivam Dixit*
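
The two checks described in the message above, written out as an added PHP example; it is not the code from pull request #64 or from phpsec itself. The function name, the sample timestamps and the threshold values are assumptions (the message leaves the values open), and the second check is read here as a sliding window over each run of bruteForceLockAttempts attempts.

```php
<?php
declare(strict_types=1);

// Placeholder thresholds (assumptions): the message leaves the real values open.
const BRUTE_FORCE_LOCK_TIME_PERIOD = 2;          // seconds: minimum gap between two requests
const BRUTE_FORCE_LOCK_ATTEMPTS = 5;             // attempts counted by the second rule
const BRUTE_FORCE_LOCK_ATTEMPT_TOTAL_TIME = 60;  // seconds: window for those attempts

/**
 * Hypothetical helper: classify the attempt timestamps (Unix seconds) recorded
 * for one user. Returns the name of the rule that fired, or null if none did.
 */
function bruteForceReason(array $attemptTimes): ?string
{
    sort($attemptTimes, SORT_NUMERIC);
    $count = count($attemptTimes);

    // Rule 1: any two consecutive requests closer together than the lock period.
    for ($i = 1; $i < $count; $i++) {
        if ($attemptTimes[$i] - $attemptTimes[$i - 1] < BRUTE_FORCE_LOCK_TIME_PERIOD) {
            return 'consecutive-gap';
        }
    }

    // Rule 2: any run of N attempts that fits inside the total-time window.
    // This catches a client that paces itself just slowly enough to pass rule 1.
    $n = BRUTE_FORCE_LOCK_ATTEMPTS;
    for ($i = $n - 1; $i < $count; $i++) {
        $span = $attemptTimes[$i] - $attemptTimes[$i - $n + 1];
        if ($span < BRUTE_FORCE_LOCK_ATTEMPT_TOTAL_TIME) {
            return 'attempts-in-window';
        }
    }

    return null;
}

// Constructed sample data, one timestamp list per scenario.
$samples = [
    'human retry'  => [1000, 1030, 1075, 1200],        // fewer than N attempts, wide gaps
    'fast script'  => [1000, 1001, 1002],              // 1 s gaps, under the lock period
    'paced script' => [1000, 1010, 1020, 1030, 1040],  // 10 s gaps, 5 attempts in 40 s
    'spread out'   => [1000, 1020, 1040, 1060, 1080],  // 5 attempts over 80 s
];

foreach ($samples as $label => $times) {
    printf("%-13s %s\n", $label, bruteForceReason($times) ?? 'ok');
}
```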