Uploaded image for project: 'Documentation'
  1. Documentation
  2. DOCS-8695

Document configurable delay for failed auth

    XMLWordPrintableJSON

Details

    • Icon: Task Task
    • Resolution: Done
    • Icon: Major - P3 Major - P3
    • None
    • None
    • None
    • None

    Description

      In 3.2 we added a parameter to add a configurable delay for failed authentication. Upon a failed login, the server will wait x milliseconds before returning the failure to the client. This is in order to deter brute force attacks and protect the user from multiple failed scripted login attempts.

      It was done as part of SERVER-20110 but we chose to leave it as undocumented for 3.2. It should be documented going forward now as it can have value for many of our users.

      Attachments

        Activity

          People

            andrew.aldridge@mongodb.com Andrew Aldridge
            osmar.olivo Osmar Olivo
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:
              6 years, 4 weeks, 1 day ago