Pau Lo
brute force / DoS / Acct Lockout
How do you strike a balance in your web apps between protecting yourselves from brute force type attacks by deploying account lockout mechanisms, and your account lockout mechanisms being abused by malicious sources to create a DoS on the user acct logging in? There's an argument to have account lockout to prevent brute force, but also an argument not to have for critical apps due to the potential for DoS.
ASKER
Thanks Chris, some good advice there.
From the business point of view (CTO)
From the maintenance point of view (FTEs / ROI)
From the technical point of view (Code standardization, Complexity)
Other...
Rgrds,