[appserver-io/appserver] Configurable rate limit for authentication

Open wick-ed opened this issue 9 years ago • 0 comments

There are several configurable mechanisms to allow authentication of users based on certain criteria. Be it servlet security, webserver auth module or the new authentication and authorization framework. No matter what solution is used, there MUST be a possibility to have a rate limit to counter brute force and timing attacks. Possible reactions on reaching the limit might include blocking access with a 401/403, throttling response speed/delay response, etc.

UAC:

  • There MUST be a rate limit for authentication attempts
  • The limit SHOULD be configurable
  • The reaction on reaching the limit SHOULD be configurable

wick-ed, Feb 25 '16 10:02
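One way the three acceptance criteria could fit together, as an added example that is not part of the original issue and is not appserver.io code: a sliding-window limiter on failed attempts with a configurable limit and a configurable reaction (block with 401/403, or delay the response). The class name, option names and the sample key are hypothetical, and the timestamps in the demo are constructed.

```php
<?php
declare(strict_types=1);
// Hypothetical sketch (PHP 8+); none of these names exist in appserver.io.
final class AuthRateLimiter
{
    /** @var array<string, float[]> failure timestamps per key */
    private array $failures = [];
    public function __construct(
        private int $maxAttempts = 5,        // configurable limit
        private int $windowSeconds = 300,    // sliding window length
        private string $reaction = 'block',  // configurable reaction: 'block' or 'delay'
        private int $blockStatus = 403,      // 401 or 403
        private float $delaySeconds = 2.0    // base delay for the 'delay' reaction
    ) {
        if (!in_array($reaction, ['block', 'delay'], true)) {
            throw new InvalidArgumentException("unknown reaction: $reaction");
        }
    }
    /** Record a failed login for a key such as "username|client address". */
    public function recordFailure(string $key, float $now): void
    {
        $this->failures[$key][] = $now;
    }
    /** Call before verifying credentials, so a limited client gets no verdict on its guess. */
    public function check(string $key, float $now): array
    {
        $cutoff = $now - $this->windowSeconds;
        // Keep only the failures that are still inside the window.
        $recent = array_values(array_filter(
            $this->failures[$key] ?? [],
            static fn (float $t): bool => $t > $cutoff
        ));
        $this->failures[$key] = $recent;
        $over = count($recent) - $this->maxAttempts;
        if ($over < 0) {
            return ['allowed' => true, 'status' => null, 'delay' => 0.0];
        }
        if ($this->reaction === 'block') {
            return ['allowed' => false, 'status' => $this->blockStatus, 'delay' => 0.0];
        }
        // 'delay': still evaluate the attempt, but slower for each failure past the limit.
        return ['allowed' => true, 'status' => null, 'delay' => $this->delaySeconds * ($over + 1)];
    }
}

// Constructed demo: three failures against a limit of 3 in a 60 s window, reaction 'delay'.
$limiter = new AuthRateLimiter(3, 60, 'delay');
foreach ([0.0, 1.0, 2.0] as $t) { $limiter->recordFailure('alice|203.0.113.7', $t); }
var_dump($limiter->check('alice|203.0.113.7', 3.0), $limiter->check('alice|203.0.113.7', 120.0));
```

The state here lives in one process's memory; a server with several worker processes would need a shared store for the counters.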