
Difference between revisions of "Authorization"

From OWASP
(Redirected page to Category:Access Control)
 
(12 intermediate revisions by 2 users not shown)
Line 1: Line 1:
{{Template:Control}}
+
#REDIRECT [[Category:Access Control]]
{{Template:Stub}}
 
 
 
 
 
Check [[Guide to Authorization]] for contents
 
 
 
Build an authentication mechanism, which will block account after N tries for a given IP address, from which log in attempt was conducted.
 
 
 
To minimize the possibility of blocking an owner's account we may take under consideration other characteristics like User-Agent or X_FORWARDED_FOR (if it's present).
 
 
 
Moreover, after N login attempts, but before blocking the account, we may include additional verification by comparing data entered by
 
the user and data displayed to him/her on the picture (CAPTCHA).
 
 
 
Such approach should slow down, limit log in attempts only to the valid user or even prevent conducting unwanted attempts generally.
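Review bot: the redirect to [[Category:Access Control]] silently drops the "Check [[Guide to Authorization]] for contents" pointer and the whole lockout paragraph (block after N tries per IP, User-Agent / X_FORWARDED_FOR as extra keys, CAPTCHA before blocking) without saying where that text now lives. The removed text is about authentication, not authorization, so moving it off this page is reasonable, but the edit summary should state whether it was relocated to an authentication page or intentionally discarded. If it is relocated, add one caveat next to the sentence on User-Agent and X_FORWARDED_FOR: both are request headers supplied by the client, so they can reduce accidental lockouts of a legitimate user behind a shared address but cannot be relied on to distinguish that user from someone else sending requests from the same address.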
 

Latest revision as of 22:20, 26 February 2016