[security] prevent brute-force attack by waiting after each failed connection attempt #253

clochix · 2016-03-13T20:04:01Z

Whatever the method (login screen, API request…), if wrong credentials are submitted, we should wait a little before answering, and before allowing another try.

frankrousseau · 2016-03-13T21:01:30Z

Bcrypt encryption makes password checking slow. So it already prevents a little bit from brute force attack.

frankrousseau added the bug label Apr 18, 2016

poupotte added the 1 - Backlog label Apr 22, 2016

poupotte removed the 1 - Backlog label Aug 17, 2016

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[security] prevent brute-force attack by waiting after each failed connection attempt #253

[security] prevent brute-force attack by waiting after each failed connection attempt #253

clochix commented Mar 13, 2016

frankrousseau commented Mar 13, 2016

[security] prevent brute-force attack by waiting after each failed connection attempt #253

[security] prevent brute-force attack by waiting after each failed connection attempt #253

Comments

clochix commented Mar 13, 2016

frankrousseau commented Mar 13, 2016