[Bug 550660] Protect against brute-force dictionary attacks

http://bugzilla.novell.com/show_bug.cgi?id=550660 User jreidinger@novell.com added comment http://bugzilla.novell.com/show_bug.cgi?id=550660#c1 Josef Reidinger changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO CC| |jreidinger@novell.com Info Provider| |kkaempf@novell.com --- Comment #1 from Josef Reidinger 2009-10-29 05:05:08 MDT --- I think about it and for me the simplest solution is to have sleep during failed login and singleton counter, which counts fail login attemp and if number is above specified border, then disallow login. Because it should allow normal user to login, it should be time limited. So fail attemp has also last failed attemp and if it is more then e.g. 10 minutes, then clear counter. Also disallow logging should be only for limited time e.g. 10 minutes. So if we set borders to 5 failed attempts and 10 minutes, then attacker could try 720 password per day, which is useless for brutal-force attack. Klaus - what do you think? If you agree I can implement it. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.