Difference between revisions of "Authorization"
Revision as of 15:42, 12 September 2008
This is a control. To view all controls, please see the Control Category page.
Check Guide to Authorization for contents
Build an authentication mechanism that blocks the account after N failed login attempts from a given IP address, that is, the address from which the attempts were made.
To reduce the chance of locking out the account's real owner, other request characteristics such as the User-Agent or the X_FORWARDED_FOR header (if present) can also be taken into account.
Moreover, after N login attempts but before blocking the account, an additional verification step can be required: the user must enter the text shown in an image (a CAPTCHA), and the entry is compared against it.
Such an approach should slow down login attempts, limit them to the valid user, or even prevent unwanted attempts altogether.
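As an added example (not code from the OWASP page), a minimal Python tracker that keys failed attempts on the IP address combined with the User-Agent and X-Forwarded-For values, demands a CAPTCHA after N failures and blocks the source after a larger threshold; the thresholds, the time window and the function names are assumptions, and the inputs are constructed.

```python
import time

CAPTCHA_AFTER = 3   # N: failures before a CAPTCHA is demanded (assumed value)
BLOCK_AFTER = 6     # failures before the source is blocked (assumed value)
WINDOW = 900        # seconds a failure stays counted (assumed value)


def client_key(ip, user_agent, xff=None):
    """Combine IP with User-Agent and X-Forwarded-For so that other users
    behind the same NAT or proxy are less likely to share a lockout key."""
    return (ip, user_agent, xff or "")


class FailureTracker:
    def __init__(self):
        self.failures = {}  # key -> list of failure timestamps

    def _recent(self, key, now):
        kept = [t for t in self.failures.get(key, []) if now - t < WINDOW]
        self.failures[key] = kept
        return len(kept)

    def check(self, key, now=None):
        """Decision before handling a login: 'allow', 'captcha' or 'block'."""
        now = time.time() if now is None else now
        n = self._recent(key, now)
        if n >= BLOCK_AFTER:
            return "block"
        if n >= CAPTCHA_AFTER:
            return "captcha"
        return "allow"

    def record_failure(self, key, now=None):
        self.failures.setdefault(key, []).append(time.time() if now is None else now)

    def record_success(self, key):
        self.failures.pop(key, None)  # a valid login clears the counter


def attempt_login(tracker, key, password_ok, captcha_ok=None, now=None):
    """Simulated login flow. password_ok is the credential check result;
    captcha_ok is the CAPTCHA result when one was shown (None if not shown)."""
    state = tracker.check(key, now)
    if state == "block":
        return "blocked"
    if state == "captcha":
        if captcha_ok is None:
            return "captcha_required"   # show the CAPTCHA, count nothing yet
        if not captcha_ok:
            tracker.record_failure(key, now)  # a wrong CAPTCHA counts as a failure
            return "captcha_failed"
    if password_ok:
        tracker.record_success(key)
        return "ok"
    tracker.record_failure(key, now)
    return "invalid_credentials"
```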