Details
-
Task
-
Resolution: Done
-
Major - P3
-
None
-
None
-
None
-
None
Description
In 3.2 we added a parameter to add a configurable delay for failed authentication. Upon a failed login, the server will wait x milliseconds before returning the failure to the client. This is in order to deter brute force attacks and protect the user from multiple failed scripted login attempts.
It was done as part of SERVER-20110 but we chose to leave it as undocumented for 3.2. It should be documented going forward now as it can have value for many of our users.