portals-jetspeed-dev mailing list archives

From "Johnson, Tom" <Tom.John...@Kingland.com>
Subject RE: Proposal
Date Wed, 22 May 2002 17:02:20 GMT
-1

This feature is important for sites controlling access to
sensitive data. Without a feature like this, if I know your
login id, I can conduct a brute force attack with endless
password combinations until I gain access to the account.
I would rather have my account temporarily disabled than, for
example, have my financial records compromised.

And, as noted, it is optional.
Tom

-----Original Message-----
From: Glenn Golden [mailto:ggolden@umich.edu]
Sent: Wednesday, May 22, 2002 11:50 AM
To: Jetspeed-Dev (jetspeed-dev@jakarta.apache.org)
Subject: Proposal


We have this clever feature that if there are some number of unsuccessful
login attempts over a time period, we disable the account.

This is a VERY BAD FEATURE!  With a feature like this, if I know your login
id, I can quickly disable your account.

I suggest we remove it.  Call for a vote.

- Glenn
 
--------------------------------------------
Glenn R. Golden, Systems Research Programmer
University of Michigan School of Information
ggolden@umich.edu               734-615-1419
--------------------------------------------


--
To unsubscribe, e-mail:
<mailto:jetspeed-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail:
<mailto:jetspeed-dev-help@jakarta.apache.org>
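
The trade-off argued in the two messages above, as an added example (not part of the thread and not Jetspeed's code): a failed-login counter that temporarily disables an account, with one function measuring how many password guesses are actually checked and another showing that the owner's correct password is refused while the account is disabled. The thresholds and all class and function names are assumptions.

```python
from collections import defaultdict, deque

# Constructed policy values (assumptions, not Jetspeed's configuration).
MAX_FAILURES = 3        # failed attempts allowed inside the window
WINDOW_SECONDS = 60     # period over which failures are counted
DISABLE_SECONDS = 300   # how long the account stays disabled


class LoginThrottle:
    """Counts failed logins per login id and temporarily disables the account."""

    def __init__(self):
        self._failures = defaultdict(deque)   # login id -> failure timestamps
        self._disabled_until = {}             # login id -> time the lock expires

    def is_disabled(self, login_id, now):
        return now < self._disabled_until.get(login_id, 0)

    def attempt(self, login_id, password_ok, now):
        """Return 'ok', 'failed' or 'disabled' for one login attempt at time `now`."""
        if self.is_disabled(login_id, now):
            return "disabled"          # refused before the password is checked
        if password_ok:
            self._failures.pop(login_id, None)
            return "ok"
        recent = self._failures[login_id]
        recent.append(now)
        # Drop failures that have aged out of the counting window.
        while recent and recent[0] <= now - WINDOW_SECONDS:
            recent.popleft()
        if len(recent) >= MAX_FAILURES:
            self._disabled_until[login_id] = now + DISABLE_SECONDS
            recent.clear()
        return "failed"


def guesses_checked(throttle, login_id, start, seconds):
    """Wrong passwords actually evaluated when one is submitted every second."""
    return sum(throttle.attempt(login_id, False, start + t) == "failed"
               for t in range(seconds))


def owner_locked_out(throttle, login_id, now):
    """True if the account owner's correct password is refused at `now`."""
    return throttle.attempt(login_id, True, now) == "disabled"
```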
