[Catalyst] Rate limiting password attacks

Perrin Harkins perrin at elem.com
Fri Aug 17 19:33:21 GMT 2007

On 8/17/07, Bill Moseley <moseley at hank.org> wrote:
> I missed something along the way in this thread.  Cookies?  Is that to
> block a specific client?

Yes, as opposed to an IP that could be a proxy.

> I'm just thinking of blocking specific logins when too many failed
> logins are attempted.

That works if they keep hitting the same login with different
passwords.  Are you concerned about them trying many logins with a
common password?  ("secret")  That wouldn't be caught.

- Perrin

More information about the Catalyst mailing list