|
I was just reading this post http://stackoverflow.com/questions/549/the-definitive-guide-to-website-authentication-beta#477585 on Preventing Rapid-Fire Login Attempts.
Best practice #1: A short time delay that increases with the number of failed attempts...
Started by jasondavis on
, 10 posts
by 10 people.
Answer Snippets (Read the full thread at stackoverflow):
$failed_attempts = 3; // for example
$latest_attempt = 1263874972; // again, for example
$delay_in_seconds = pow(2, $failed_attempts); // that's 2 to the $failed....
attempts there were, and the time of the latest attempt.
|
|
Hi there, I'm seeing web apps implementing limitations for user login attempts.
Is it a security necessity and, if so, why?
For example: you had three failed login attempts, let's try again in 10 minutes!!
thanks :)
Started by artarad on
, 8 posts
by 8 people.
Answer Snippets (Read the full thread at stackoverflow):
If the attempt counter exceeds the number of grace attempts allowed then I check whether the ....
That was attempted (ie 'log in', 'search', 'comment') The time of the attempt Number of attempts (attempt counter.
|
|
Is there any reliable way to monitor failed logon attempts on-the-fly in Windows XP? (well, Vista too for that matter). I need to monitor failed logon attempts programmatically which is currently accomplished with a simple GINA Stub by subclassing the...
Started by Jonas on
, 5 posts
by 5 people.
Answer Snippets (Read the full thread at serverfault):
On attempts on-the-fly", do you mean you want something that reacts in real time to a failed log.
|
|
Last night we had 45,000 failed attempts to access an MSSQL database on a high profile site, which seems to correlate with portions of the application ceasing to work last night. However, when we pushed the main 3 DLLs live this morning, the issue was...
Started by Jeff C on
, 3 posts
by 3 people.
Answer Snippets (Read the full thread at stackoverflow):
Lots of failure could cause the application to fail through logging, or IIS seeing multiple failures and shutting down the worker process, or a number of reasons... .
Uploading the DLLs will cause the application to reboot, hence it starting to work again.
|
|
I'm writing a comprehensive authentication system for an application and I was planning on logging failed authentication attempts in order to implement better security. I would like to check failed passwords for both brute force and dictionary attacks...
Started by evolve on
, 10 posts
by 10 people.
Answer Snippets (Read the full thread at stackoverflow):
Don't store failed attempts - you're quite right that the plaintext password should be handled minimally ....
Of failed attempts and possibly having an exponential timeout window for when a login attempt can: the volume of requests .
|
|
A friend of mine posed a question about how he could secure his laptop when connecting to public WiFi hotspots. He considers encryption of sensitive files a good idea and he has already downloaded a good encryption package.
Are there any good utilities...
Started by Axxmasterr on
, 6 posts
by 6 people.
Answer Snippets (Read the full thread at superuser):
Your best bet is probably....
I see a few superuser questions that talk about the ones in Windows XP and Windows 7 if you're on either of those OSes.
There are basic firewalls built into current operating systems.
What you're looking for is called a Firewall.
|
|
I'm thinking about building a login system for Ruby on Rails, much like this one
http://visionmasterdesigns.com/tutorial-create-a-login-system-in-ruby-on-rails/
In terms of security, should I limit the attempts a user can have to login if they get their...
Started by conspirisi on
, 5 posts
by 5 people.
Answer Snippets (Read the full thread at stackoverflow):
Send an email to the ....
Do you know over a certain amount of time storing the login attempts on the database, memcached, redis, tokyo from multiple IPs.
Yes, limiting the number of login attempts per IP (not per session) increases security.
|
|
I have been trying to Google up an answer for this, but I can never seem to find the right answer.
I've been given the job of finding out how to lock out an account from SQL Server 2008 (on Windows Server 2008 Standard SP2) after there's been so many number...
Started by Ross on
, 3 posts
by 3 people.
Answer Snippets (Read the full thread at serverfault):
We talked about this....
Unfortunately you are in a bad place.
Unfortunately, you are running standard.
SQL Server 2008 Enterprise Edition and above support the ability to set security policies which includes the ability to set lockout count and durations.
|
|
I have a website that seems to get more than its fair share of hacking attempts. It has not been broken yet, but I'd like to build into the system a good way to detect the attempt and block the IP.
Would the best way to detect this be to simply do a ...
Started by rockinthesixstring on
, 3 posts
by 3 people.
Answer Snippets (Read the full thread at stackoverflow):
On topic, I think the best way to handle SQL injection is to log the attempt, not block.
|
|
Dear all, today I have given F1 exam but unfortunately I failed it second time and I got same result as I got in my 1st attempt 42%
I don't know what is my weakness & I can't understand my weakness, please help me anyhow. I'm very disheartened 2 attempts...
Started by tariqkath on
, 1 posts
by 1 people.
Answer Snippets (Read the full thread at accafriends):
|