cozy / cozy-proxy

This repository was part of CozyV2 which has been deprecated - Cozy authentication and routing layer
https://blog.cozycloud.cc/post/2016/11/21/On-the-road-to-Cozy-version-3
GNU Affero General Public License v3.0

[security] prevent brute-force attack by waiting after each failed connection attempt #253

Open clochix opened 8 years ago

clochix commented 8 years ago

Whatever the method (login screen, API request…), if wrong credentials are submitted, we should wait a little before answering, and before allowing another try.

frankrousseau commented 8 years ago

Bcrypt encryption makes password checking slow. So it already protects a little bit against brute-force attacks.
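One way to implement the delay this issue asks for, added here as an example and not taken from cozy-proxy or written by either commenter: each failed attempt delays the answer and blocks further tries for a period that doubles per consecutive failure. `LoginThrottle`, `attemptLogin`, the delay values and the choice of key are all hypothetical.

```javascript
// Added example, not cozy-proxy code. All names and values are hypothetical.
class LoginThrottle {
  constructor({ baseDelayMs = 1000, maxDelayMs = 60000, resetAfterMs = 900000, now = Date.now } = {}) {
    Object.assign(this, { baseDelayMs, maxDelayMs, resetAfterMs, now });
    this.failures = new Map(); // key -> { count, blockedUntil }
  }

  // Milliseconds until the next attempt for this key is accepted (0 = allowed now).
  retryAfterMs(key) {
    const entry = this.failures.get(key);
    if (!entry) return 0;
    const t = this.now();
    if (t - entry.blockedUntil > this.resetAfterMs) { // quiet long enough: forget it
      this.failures.delete(key);
      return 0;
    }
    return Math.max(0, entry.blockedUntil - t);
  }

  // Record a failure; the block doubles with each consecutive failure, up to a cap.
  recordFailure(key) {
    this.retryAfterMs(key); // drops a stale entry before counting
    const entry = this.failures.get(key) || { count: 0, blockedUntil: 0 };
    entry.count += 1;
    const block = Math.min(this.maxDelayMs, this.baseDelayMs * 2 ** (entry.count - 1));
    entry.blockedUntil = this.now() + block;
    this.failures.set(key, entry);
    return block;
  }

  recordSuccess(key) { this.failures.delete(key); }
}

const sleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms));

// Wraps any credential check (login form or API request). `key` identifies the
// client, e.g. its IP address (an assumption; pick what fits the deployment).
async function attemptLogin(throttle, key, checkCredentials, answerDelayMs = 500) {
  const wait = throttle.retryAfterMs(key);
  if (wait > 0) return { status: 429, retryAfterMs: wait }; // refused, password not checked
  if (await checkCredentials()) {
    throttle.recordSuccess(key);
    return { status: 200 };
  }
  // The block is recorded before sleeping, so requests arriving during the delay are refused.
  throttle.recordFailure(key);
  await sleep(answerDelayMs); // wait before answering
  return { status: 401 };
}
```

Because a blocked request returns before `checkCredentials` runs, throttled attempts also skip the bcrypt comparison.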