Difference between revisions of "Authorization"

From OWASP

Revision as of 11:51, 23 October 2008

This is a control. To view all controls, please see the Control Category page.

This article is a stub. You can help OWASP by expanding it or discussing it on its Talk page.



See the Guide to Authorization for contents.

Build an authentication mechanism that blocks the account after N failed login attempts from a given IP address.

To reduce the chance of locking out the legitimate account owner, the mechanism may also take other request characteristics into account, such as the User-Agent or the X-Forwarded-For header (if present).

Moreover, after N failed login attempts but before blocking the account, an additional verification step may be required: the user must reproduce the text shown in an image (a CAPTCHA), and the entered value is compared with the displayed one.

Such an approach should slow down attackers, restrict login attempts to the legitimate user, or even prevent unwanted attempts altogether.
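The following is an added example, not code from the OWASP page, showing one way to implement the three steps above as a small login throttle: failures are counted per (client IP, User-Agent) key, a CAPTCHA is demanded after N failures, and the key is blocked after a higher threshold. The threshold values, the 15-minute window, the trusted-proxy address and the sample IP addresses are assumptions chosen for illustration. It also covers the caveat the page's mention of X-Forwarded-For implies: that header is client-supplied, so it is only honoured when the direct peer is a known reverse proxy.

```python
"""Login throttle keyed on source address and User-Agent.

Added example, not code from the OWASP page. Thresholds, the window length
and the trusted-proxy list are assumptions chosen for illustration.
"""
import time

CAPTCHA_AFTER = 3              # failures before a CAPTCHA is demanded (the page's N; assumed)
BLOCK_AFTER = 6                # failures before the key is blocked (assumed)
WINDOW_SECONDS = 15 * 60       # failures older than this are forgotten (assumed)
TRUSTED_PROXIES = {"10.0.0.1"}  # reverse proxies whose X-Forwarded-For is honoured (assumed)


def client_key(remote_addr, headers, trusted_proxies=TRUSTED_PROXIES):
    """Build the throttle key (client IP, User-Agent).

    X-Forwarded-For is only honoured when the direct peer is a trusted reverse
    proxy: the header is client-supplied, so trusting it from an arbitrary peer
    would let a caller choose its own key and sidestep the limit.
    """
    ip = remote_addr
    xff = headers.get("X-Forwarded-For")
    if xff and remote_addr in trusted_proxies:
        # A trusted proxy appends the peer it saw; the first entry is the original client.
        ip = xff.split(",")[0].strip()
    return (ip, headers.get("User-Agent", ""))


class LoginThrottle:
    """Tracks failed-login timestamps per key and decides what an attempt may do."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._failures = {}  # key -> list of failure timestamps inside the window

    def _recent(self, key, now):
        """Drop failures outside the window and return the remaining list (shared)."""
        kept = [t for t in self._failures.get(key, []) if now - t < WINDOW_SECONDS]
        self._failures[key] = kept
        return kept

    def failure_count(self, key, now=None):
        now = self._clock() if now is None else now
        return len(self._recent(key, now))

    def attempt(self, key, verify, captcha_valid=False, now=None):
        """Process one login attempt.

        `verify` is a callable that checks the submitted credentials; it is only
        invoked once the throttle allows it. Returns 'blocked',
        'captcha_required', 'ok' or 'failed'.
        """
        now = self._clock() if now is None else now
        recent = self._recent(key, now)
        if len(recent) >= BLOCK_AFTER:
            return "blocked"
        if len(recent) >= CAPTCHA_AFTER and not captcha_valid:
            # The password is not checked until the CAPTCHA is solved, so this
            # attempt neither counts as a failure nor reveals whether it was right.
            return "captcha_required"
        if verify():
            self._failures.pop(key, None)  # success resets the counter
            return "ok"
        recent.append(now)
        return "blocked" if len(recent) >= BLOCK_AFTER else "failed"


if __name__ == "__main__":
    # Constructed demo: a client behind the trusted proxy fails repeatedly.
    throttle = LoginThrottle(clock=lambda: 0.0)
    key = client_key("10.0.0.1", {"X-Forwarded-For": "203.0.113.7", "User-Agent": "demo"})
    for _ in range(4):
        print(throttle.attempt(key, verify=lambda: False))
```

Passing `verify` as a callable rather than a precomputed boolean matters: once the CAPTCHA threshold is reached the password is never compared, so a caller cannot use the throttle's response to learn whether a guess was correct. The window-based pruning means a lockout expires on its own, and a successful login clears the counter so a legitimate user who mistyped a few times is not carried towards the block threshold.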