[DOCS-8695] Document configurable delay for failed auth Created: 29/Aug/16 Updated: 16/Jan/18 Resolved: 11/Jan/18 |
|
| Status: | Closed |
| Project: | Documentation |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Task | Priority: | Major - P3 |
| Reporter: | Osmar Olivo | Assignee: | Andrew Aldridge |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Participants: | |
| Days since reply: | 6 years, 4 weeks, 1 day ago |
| Description |
|
In 3.2 we added a parameter to add a configurable delay for failed authentication. Upon a failed login, the server will wait x milliseconds before returning the failure to the client. This is in order to deter brute force attacks and protect the user from multiple failed scripted login attempts. It was done as part of |
| Comments |
| Comment by Githook User [ 16/Jan/18 ] |
|
Author: {'email': 'i80and@foxquill.com', 'name': 'Andrew Aldridge', 'username': 'i80and'}Message: |
| Comment by Githook User [ 11/Jan/18 ] |
|
Author: {'email': 'i80and@foxquill.com', 'name': 'Andrew Aldridge', 'username': 'i80and'}Message: |
| Comment by Andreas Nilsson [ 29/Aug/16 ] |
|
Yes, let's document it! |