[DOCS-8695] Document configurable delay for failed auth Created: 29/Aug/16  Updated: 16/Jan/18  Resolved: 11/Jan/18

Status: Closed
Project: Documentation
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Task Priority: Major - P3
Reporter: Osmar Olivo Assignee: Andrew Aldridge
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Participants:
Days since reply: 6 years, 4 weeks, 1 day ago

 Description   

In 3.2 we added a parameter to add a configurable delay for failed authentication. Upon a failed login, the server will wait x milliseconds before returning the failure to the client. This is in order to deter brute force attacks and protect the user from multiple failed scripted login attempts.

It was done as part of SERVER-20110 but we chose to leave it as undocumented for 3.2. It should be documented going forward now as it can have value for many of our users.



 Comments   
Comment by Githook User [ 16/Jan/18 ]

Author:

{'email': 'i80and@foxquill.com', 'name': 'Andrew Aldridge', 'username': 'i80and'}

Message: DOCS-8695: authFailedDelayMs
Branch: v3.4
https://github.com/mongodb/docs/commit/98948c2dc3e6b2be5f636ee716edd809023721af

Comment by Githook User [ 11/Jan/18 ]

Author:

{'email': 'i80and@foxquill.com', 'name': 'Andrew Aldridge', 'username': 'i80and'}

Message: DOCS-8695: authFailedDelayMs
Branch: master
https://github.com/mongodb/docs/commit/07c0bff3af55fe6cc1527024d8fc9303f72d7d54

Comment by Andreas Nilsson [ 29/Aug/16 ]

Yes, let's document it!

Generated at Thu Feb 08 07:56:48 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.