Brute force protection

@memes

  • chraebsli@programming.dev
    link
    fedilink
    arrow-up
    7
    arrow-down
    1
    ·
    8 months ago

    no, since it first checks if the password is correct. if it is, display error message. if it is corrent and the second time, accept the password (code not in screenshot) but if the password is wrong, it doesnt check if it is the first attempt.

      • chraebsli@programming.dev
        link
        fedilink
        arrow-up
        3
        ·
        8 months ago

        You can’t really prevent a brute force attack. Even if you prevent it from one IP or so, you can still do “distributed” brute force attacks.

        Also only allowing one password per 5 seconds or so per IP will not work if you have lots of users and they are at work and have the same IP.

      • pythonoob@programming.dev
        link
        fedilink
        arrow-up
        1
        ·
        8 months ago

        It wouldn’t stop most brute force attacks, which are not performed on the live web service, but rather on a password hasb list that was stolen via some other means.