Brute force protection

@memes

    • pythonoob@programming.dev
      link
      fedilink
      arrow-up
      1
      ·
      9 months ago

      It wouldn’t stop most brute force attacks, which are not performed on the live web service, but rather on a password hasb list that was stolen via some other means.

    • chraebsli@programming.dev
      link
      fedilink
      arrow-up
      3
      ·
      9 months ago

      You can’t really prevent a brute force attack. Even if you prevent it from one IP or so, you can still do “distributed” brute force attacks.

      Also only allowing one password per 5 seconds or so per IP will not work if you have lots of users and they are at work and have the same IP.