Brute-force prevention for Authenticator?
Notice: This thread is very old.
- Honza Kuchař
- Member | 1662
Hi guys!
Don't you thing that there sould be some support from framework for brute-force password guessing? E.g.: Block user account, etc.? Some callback should be called when that situation occurs? Surely I'm talking more about sandbox than about framework, because there is no default implementation of user authentication in framework.
What do you thing about that? Or should it be just in hands of programmer? I think every application that has user accounts must deal with this.
- David Grudl
- Nette Core | 8107
DDoS attack should be somehow solved on server layer, not application.
- Honza Kuchař
- Member | 1662
Hmm, you are right. There should be some DDoS IP list managed by reverse proxy behind app server. Got it. Thanks!