PerlMonks  

Re: Why do you have to worry about Brute Force Attacks?

by kwaping (Priest)
on Sep 26, 2006 at 23:17 UTC ( [id://575041]=note )


in reply to Why do you have to worry about Brute Force Attacks?

Let me counter with this question: Why would any legitimate user need more than X attempts within N minutes to log in? If they know their password, one attempt should be enough. If they don't, there's always the "forgot password" link that all good sites (should) have. A few attempts should be given in leeway for those like me who have many passwords and bad memories, or for those who have issues with typos.

If you don't want to do it without good reason, then I recommend you keep a sharp eye on your HTTPD logs. Of course, by the time you recognize there is an issue, the attacker may have already succeeded. Which brings us back to the "why not just do it" argument.

---
It's all fine and dandy until someone has to look at the code.
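
The check described in the post above (more than X failed attempts within N minutes, spotted from the HTTPD logs), as an added Perl example that is not part of any post in this thread. It assumes Apache common/combined log format, a hypothetical `POST /login` handler that answers 401 on a wrong password, and log lines in chronological order; the sample lines are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Time::Local qw(timegm);

# Assumptions (not from the thread): login handler at POST /login,
# HTTP 401 means "wrong password", log is in chronological order.
my $MAX_FAILS = 5;          # "X attempts"
my $WINDOW    = 10 * 60;    # "N minutes", in seconds

my %MON = (Jan=>0, Feb=>1, Mar=>2, Apr=>3, May=>4, Jun=>5,
           Jul=>6, Aug=>7, Sep=>8, Oct=>9, Nov=>10, Dec=>11);

# Returns { ip => epoch time of the failure that crossed the threshold }.
sub find_bruteforce {
    my ($lines, $max, $window) = @_;
    my (%recent, %flagged);
    for my $line (@$lines) {
        my ($ip, $d, $mon, $y, $h, $mi, $s, $sign, $oh, $om, $status) = $line =~
            m{^(\S+) \S+ \S+ \[(\d{2})/(\w{3})/(\d{4}):(\d{2}):(\d{2}):(\d{2}) ([+-])(\d{2})(\d{2})\] "POST /login[ ?][^"]*" (\d{3}) }
            or next;                                   # not a login request
        next unless $status == 401 && exists $MON{$mon};
        my $t = timegm($s, $mi, $h, $d, $MON{$mon}, $y);
        $t -= ($sign eq '-' ? -1 : 1) * ($oh * 3600 + $om * 60);   # to UTC
        my $q = $recent{$ip} ||= [];
        push @$q, $t;
        shift @$q while @$q && $q->[0] <= $t - $window;   # slide the window
        $flagged{$ip} //= $t if @$q > $max;               # first crossing only
    }
    return \%flagged;
}

# Constructed sample: 192.0.2.10 fails six times in under a minute;
# 198.51.100.7 mistypes once and then logs in.
my @log = map {
    sprintf '192.0.2.10 - - [26/Sep/2006:23:10:%02d +0000] "POST /login HTTP/1.1" 401 512', $_ * 10
} 0 .. 5;
push @log,
    '198.51.100.7 - - [26/Sep/2006:23:11:02 +0000] "POST /login HTTP/1.1" 401 512',
    '198.51.100.7 - - [26/Sep/2006:23:11:20 +0000] "POST /login HTTP/1.1" 302 0';

my $hits = find_bruteforce(\@log, $MAX_FAILS, $WINDOW);
printf "%s exceeded %d failed logins in %d min at %s UTC\n",
    $_, $MAX_FAILS, $WINDOW / 60, scalar gmtime($hits->{$_}) for sort keys %$hits;
```

Only 192.0.2.10 is reported; the client with a single typo stays under the threshold. Counting per client IP is a choice made for this example, and the same sliding window can be keyed on the account name instead.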

Re^2: Why do you have to worry about Brute Force Attacks?
by Anonymous Monk on Sep 27, 2006 at 13:16 UTC
    If they don't, there's always the "forgot password" link that all good sites (should) have.

    So now, instead of cracking a secure password, all the bad guys (or your nosey neighbours) have to do is find out your dog's name, mother's maiden name, or some other easy to learn (or guess) response?

    I think those links are handy. I don't pretend any system "protected" by them is secure. They're like a locked front door with the key hidden under the doormat by the back entrance; not as secure as they really appear.

      Err, most of the ones I've used email you the new password after checking the right answer. So they would have to know your dog's name and have access to your email.


      ___________
      Eric Hodges
        Err, most of the ones I've used email you the new password after checking the right answer. So they would have to know your dog's name and have access to your email.

        Email is sent out in plaintext over the network, remember?
