[Catalyst] Rate limiting password attacks
perrin at elem.com
Fri Aug 17 19:33:21 GMT 2007
On 8/17/07, Bill Moseley <moseley at hank.org> wrote:
> I missed something along the way in this thread. Cookies? Is that to
> block a specific client?
Yes, as opposed to an IP that could be a proxy.
> I'm just thinking of blocking specific logins when too many failed
> logins are attempted.
That works if they keep hitting the same login with different
passwords. Are you concerned about them trying many logins with a
common password? ("secret") That wouldn't be caught.
More information about the Catalyst