Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-20110

Add configurable delay for failed authentication

XMLWordPrintableJSON

    • Type: Icon: New Feature New Feature
    • Resolution: Done
    • Priority: Icon: Major - P3 Major - P3
    • 3.0.7, 3.1.9
    • Affects Version/s: 3.1.7
    • Component/s: Security
    • None
    • Fully Compatible
    • Security 8 08/28/15, Security 9 (09/18/15), Security A 10/09/15

      Add a new server parameter --authFailedDelayMs to offer a basic protection against brute force password guessing attacks.

      The parameter should be configurable at startup and runtime and apply to at least MONGODB-CR, PLAIN and SCRAM-SHA-1.

            Assignee:
            andreas.nilsson Andreas Nilsson
            Reporter:
            andreas.nilsson Andreas Nilsson
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: