Difference between revisions of "Authorization"

From OWASP
Jump to: navigation, search
Line 4: Line 4:
  
 
Check [[Guide to Authorization]] for contents
 
Check [[Guide to Authorization]] for contents
 +
 +
Build an authentication mechanism, which will block account after N tries for a given IP address, from which log in attempt was conducted.
 +
 +
To minimize the possibility of blocking an owner's account we may take under consideration other characteristics like User-Agent or X_FORWARDED_FOR (if it's present).
 +
 +
Moreover, after N login attempts, but before blocking the account, we may include additional verification by comparing data entered by
 +
the user and data displayed to him/her on the picture (CAPTCHA).
 +
 +
Such approach should slow down, limit log in attempts only to the valid user or even prevent conducting unwanted attempts generally.

Revision as of 09:42, 12 September 2008

This is a control. To view all control, please see the Control Category page.

This article is a stub. You can help OWASP by expanding it or discussing it on its Talk page.



Check Guide to Authorization for contents

Build an authentication mechanism, which will block account after N tries for a given IP address, from which log in attempt was conducted.

To minimize the possibility of blocking an owner's account we may take under consideration other characteristics like User-Agent or X_FORWARDED_FOR (if it's present).

Moreover, after N login attempts, but before blocking the account, we may include additional verification by comparing data entered by the user and data displayed to him/her on the picture (CAPTCHA).

Such approach should slow down, limit log in attempts only to the valid user or even prevent conducting unwanted attempts generally.