Difference between revisions of "Authorization"

From OWASP
m (Reverted edits by KirstenS (Talk); changed back to last version by Leocavallari)
 
(2 intermediate revisions by one user not shown)
Text present in both revisions:

Check [[Guide to Authorization]] for contents

Text removed by this revision (the reverted edits):

Build an authentication mechanism that blocks the account after N failed login attempts from a given source IP address.

To reduce the risk of locking out the account's legitimate owner (for example, when the owner and the attacker share an IP address), other request characteristics can be taken into account as well, such as the User-Agent header or X-Forwarded-For when it is present. Note that X-Forwarded-For is supplied by the client and can be forged unless it is set by a trusted reverse proxy.

Moreover, after N failed attempts, but before blocking the account, an additional verification step can be introduced: the user must reproduce the text displayed in an image (a CAPTCHA).

Such an approach slows down automated guessing, limits further login attempts to the legitimate user, or prevents unwanted attempts altogether.
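The following is an added example, not code from the OWASP page or its authors, showing the mechanism described above as a small in-memory throttle: attempts are keyed on the source IP plus User-Agent so that one shared address does not lock out every user behind it, a CAPTCHA is required after a soft threshold, and the source is blocked for a fixed period after a hard threshold. The thresholds, the user store, the header values and the helper names (`Throttle`, `source_key`, `attempt_login`, `demo`) are all assumptions made for the example; X-Forwarded-For is honoured only when the caller states that a trusted proxy set it, and then only its right-most entry is used.

```python
"""Login throttling with a CAPTCHA step before lockout (added example, not OWASP code)."""
from __future__ import annotations

import hmac
import time
from collections import defaultdict, deque
from dataclasses import dataclass, field

# Constructed sample user store. Plaintext only to keep the example short;
# a real system stores salted password hashes.
USERS = {"alice": "correct horse battery staple"}


def source_key(remote_addr: str, headers: dict, behind_trusted_proxy: bool = False) -> tuple:
    """Identify the login source by IP plus User-Agent.

    X-Forwarded-For is client-controlled and forgeable. It is only used when
    the caller asserts that a trusted reverse proxy appended to it, and then
    only the right-most entry (the one our proxy wrote) is trusted.
    """
    ip = remote_addr
    xff = headers.get("X-Forwarded-For")
    if behind_trusted_proxy and xff:
        ip = xff.split(",")[-1].strip()
    return (ip, headers.get("User-Agent", ""))


@dataclass
class Throttle:
    captcha_after: int = 3        # failures before a CAPTCHA is demanded
    lock_after: int = 6           # failures before the source is blocked
    window: float = 15 * 60       # seconds a failure counts against the source
    lock_for: float = 15 * 60     # seconds a block lasts
    failures: dict = field(default_factory=lambda: defaultdict(deque))
    locked_until: dict = field(default_factory=dict)

    def _recent(self, key: tuple, now: float) -> deque:
        q = self.failures[key]
        while q and now - q[0] > self.window:   # drop failures outside the window
            q.popleft()
        return q

    def state(self, key: tuple, now: float) -> str:
        """Return 'ok', 'captcha' or 'locked' for this source."""
        until = self.locked_until.get(key)
        if until is not None:
            if now < until:
                return "locked"
            del self.locked_until[key]           # block expired: start afresh
            self.failures[key].clear()
        n = len(self._recent(key, now))
        if n >= self.lock_after:
            return "locked"
        return "captcha" if n >= self.captcha_after else "ok"

    def record_failure(self, key: tuple, now: float) -> None:
        q = self._recent(key, now)
        q.append(now)
        if len(q) >= self.lock_after:
            self.locked_until[key] = now + self.lock_for

    def record_success(self, key: tuple) -> None:
        self.failures.pop(key, None)
        self.locked_until.pop(key, None)


def attempt_login(throttle: Throttle, username: str, password: str, remote_addr: str,
                  headers: dict, captcha_solved: bool = False, now: float | None = None) -> str:
    """Return 'locked', 'captcha_required', 'failure' or 'success'."""
    now = time.time() if now is None else now
    key = source_key(remote_addr, headers)
    state = throttle.state(key, now)
    if state == "locked":
        return "locked"
    if state == "captcha" and not captcha_solved:
        return "captcha_required"             # nothing recorded; no guess was checked
    stored = USERS.get(username, "")
    if hmac.compare_digest(stored.encode(), password.encode()):
        throttle.record_success(key)
        return "success"
    throttle.record_failure(key, now)
    return "failure"


def demo() -> list:
    """Walk one attacker source through captcha, lockout and expiry; return the outcomes."""
    t = Throttle()
    ip, hdrs = "203.0.113.7", {"User-Agent": "curl/8.0"}       # constructed values
    out = [attempt_login(t, "alice", "wrong", ip, hdrs, now=1000 + i) for i in range(3)]
    out.append(attempt_login(t, "alice", "wrong", ip, hdrs, now=1003))          # CAPTCHA demanded
    out += [attempt_login(t, "alice", "wrong", ip, hdrs, captcha_solved=True, now=1004 + i)
            for i in range(3)]                                                   # 6th failure locks
    out.append(attempt_login(t, "alice", USERS["alice"], ip, hdrs, captcha_solved=True, now=1010))
    out.append(attempt_login(t, "alice", USERS["alice"], ip, {"User-Agent": "Firefox/120"}, now=1011))
    out.append(attempt_login(t, "alice", USERS["alice"], ip, hdrs, now=1911))   # lock expired
    return out


if __name__ == "__main__":
    print(demo())
```

In `demo()` the correct password is rejected at the eighth step because the source is locked, while the same owner from a different User-Agent on the same address still logs in; after the lock period the original source is admitted again. Keying only on the IP would have blocked the owner too.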
 

Latest revision as of 12:15, 27 October 2008

This is a control. To view all controls, please see the Control Category page.

This article is a stub. You can help OWASP by expanding it or discussing it on its Talk page.
Check Guide to Authorization for contents