Brute-force prevention for Authenticator?

Notice: This thread is very old.
Honza Kuchař
Backer | 1655
+
0
-

Hi guys!

Don't you thing that there sould be some support from framework for brute-force password guessing? E.g.: Block user account, etc.? Some callback should be called when that situation occurs? Surely I'm talking more about sandbox than about framework, because there is no default implementation of user authentication in framework.

What do you thing about that? Or should it be just in hands of programmer? I think every application that has user accounts must deal with this.

David Grudl
Nette Core | 7251
+
+2
-

DDoS attack should be somehow solved on server layer, not application.

Honza Kuchař
Backer | 1655
+
0
-

Hmm, you are right. There should be some DDoS IP list managed by reverse proxy behind app server. Got it. Thanks!