You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
There are several configurable mechanisms to allow authentication of users based on certain criteria.
Be it servlet security, webserver auth module or the new authentication and authorization framework.
No matter what solution is used, there MUST be a possibility to have a rate limit to counter brute force and timing attacks.
Possible reactions on reaching the limit might include blocking access with a 401/403, throttling response speed/delay response, etc.
UAC:
There MUST be a rate limit for authentication attempts
The limit SHOULD be configurable
The reaction on reaching the limit SHOULD be configurable
The text was updated successfully, but these errors were encountered:
There are several configurable mechanisms to allow authentication of users based on certain criteria.
Be it servlet security, webserver auth module or the new authentication and authorization framework.
No matter what solution is used, there MUST be a possibility to have a rate limit to counter brute force and timing attacks.
Possible reactions on reaching the limit might include blocking access with a 401/403, throttling response speed/delay response, etc.
UAC:
The text was updated successfully, but these errors were encountered: