
Difference between revisions of "Authorization"

From OWASP
(Redirected page to Category:Access Control)
 
(11 intermediate revisions by 2 users not shown)
Line 1: Line 1:
{{Template:Control}}
+
#REDIRECT [[Category:Access Control]]
{{Template:Stub}}
 
 
 
 
 
Check [[Guide to Authorization]] for contents
 
 
 
Build an authentication mechanism, which will block account after N tries for a given IP address, from which log in attempt was conducted.
 
 
 
To minimize the possibility of blocking an owner's account we may take under consideration other characteristics like User-Agent or X_FORWARDED_FOR (if it's present).
 
 
 
Moreover, after N login attempts, but before blocking the account, we may include additional verification by comparing data entered by
 
the user and data displayed to him/her on the picture (CAPTCHA).
 
 
 
Such approach should slow down, limit log in attempts only to the valid user or even prevent conducting unwanted attempts generally.
 
 
 
[[Category:Control]]
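Review bot: replacing the page with `#REDIRECT [[Category:Access Control]]` drops the only substantive guidance it held (lock the account after N failed attempts from one IP, weigh User-Agent and X_FORWARDED_FOR before blocking so the real owner is not locked out, and interpose a CAPTCHA after N attempts but before lockout), together with the `Check [[Guide to Authorization]] for contents` pointer, and the edit summary "Redirected page to Category:Access Control" does not say where that material now lives. Before merging, confirm that the target category or the Guide to Authorization already carries the lockout and CAPTCHA guidance; if not, move that paragraph there first, and note that the old text's `{{Template:Stub}}` marker is also removed without the stub having been expanded.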
 

Latest revision as of 22:20, 26 February 2016