[appserver-io/appserver] Configurable rate limit for authentication #958

Open
wick-ed opened this issue Feb 25, 2016 · 0 comments

@wick-ed
Member

wick-ed commented Feb 25, 2016

There are several configurable mechanisms to allow authentication of users based on certain criteria.
Be it servlet security, webserver auth module or the new authentication and authorization framework.
No matter what solution is used, there MUST be a possibility to have a rate limit to counter brute force and timing attacks.
Possible reactions on reaching the limit might include blocking access with a 401/403, throttling response speed/delay response, etc.

UAC:

  • There MUST be a rate limit for authentication attempts
  • The limit SHOULD be configurable
  • The reaction on reaching the limit SHOULD be configurable
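
One way the three criteria above could fit together, as an added sketch that is not part of the original issue and not appserver.io code: a sliding-window limiter for failed logins with a configurable limit and a configurable reaction (block with a 403, or delay the response). The class, method and option names, the 30-second delay cap and the sample client key are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added sketch, not appserver.io code: sliding-window limiter for failed logins.
// Class, method and option names are hypothetical; state lives in one process only.
final class AuthRateLimiter
{
    /** @var array<string, float[]> failure timestamps per key */
    private array $failures = [];

    public function __construct(
        private int $maxAttempts = 5,         // configurable limit
        private float $windowSeconds = 300.0, // period the limit applies to
        private string $reaction = 'block',   // configurable reaction: 'block' or 'delay'
        private float $delaySeconds = 2.0     // added delay per excess failure
    ) {}

    /** Record a failed attempt for a key such as "client-ip|username". */
    public function recordFailure(string $key, float $now): void
    {
        $this->failures[$key][] = $now;
    }

    /** Call before verifying credentials; returns the action to take. */
    public function check(string $key, float $now): array
    {
        $cutoff = $now - $this->windowSeconds;
        $recent = array_values(array_filter(
            $this->failures[$key] ?? [],
            static fn (float $t): bool => $t > $cutoff
        ));
        $this->failures[$key] = $recent; // drop entries that left the window

        if (count($recent) < $this->maxAttempts) {
            return ['action' => 'allow'];
        }
        if ($this->reaction === 'delay') {
            $excess = count($recent) - $this->maxAttempts + 1;
            return ['action' => 'delay', 'seconds' => min(30.0, $excess * $this->delaySeconds)];
        }
        return ['action' => 'block', 'status' => 403];
    }
}

// Constructed input: seven failed logins, one per second, from one client.
$limiter = new AuthRateLimiter(maxAttempts: 5, windowSeconds: 300.0, reaction: 'block');
for ($i = 0; $i < 7; $i++) {
    $now = 1000.0 + $i;
    echo $i + 1, ': ', $limiter->check('203.0.113.7|alice', $now)['action'], "\n";
    $limiter->recordFailure('203.0.113.7|alice', $now);
}
```

The sketch requires PHP 8.0 or later. With several workers or nodes the failure timestamps would have to live in a shared store instead of a per-process array.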