[keycloak-dev] Brute force attack protection

Bill Burke bburke at redhat.com
Mon Mar 17 10:28:57 EDT 2014



On 3/17/2014 10:13 AM, Stian Thorgersen wrote:
> For a single user yes. Is that a big problem though?
>

I don't know. All the hacker needs to know is a list of emails and they
could lock down a large set of users. Plus the users being hacked are
also locked out.


> If you sleep on the server you'd be able to do a DoS on the whole server (even if async) with a single machine.
>

Ugh, I guess the hacker could just ignore responses that are blocking.


-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
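
The trade-off discussed in this message, as an added example that is not part of the original post and not Keycloak's code: a hypothetical per-user lockout that stores a deadline and rejects at once instead of sleeping on the server, run against constructed usernames to show that the real owners stay rejected until the window expires. The class, function and parameter names and the thresholds are assumptions.

```python
import time


class LoginThrottle:
    """Per-user failure counter with a timed lockout (hypothetical design).

    The lockout is stored as a deadline and checked on arrival, so a
    locked request is rejected at once instead of sleeping on the server.
    """

    def __init__(self, max_failures=3, lockout_seconds=60, clock=time.monotonic):
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self.clock = clock
        self.failures = {}      # username -> consecutive failures
        self.locked_until = {}  # username -> time the lockout ends

    def attempt(self, username, password_ok):
        now = self.clock()
        if self.locked_until.get(username, 0) > now:
            return "locked"     # rejected even when the password is right
        if password_ok:
            self.failures.pop(username, None)
            return "ok"
        count = self.failures.get(username, 0) + 1
        self.failures[username] = count
        if count >= self.max_failures:
            self.locked_until[username] = now + self.lockout_seconds
            self.failures.pop(username, None)
        return "failed"


def simulate(usernames, max_failures=3, lockout_seconds=60):
    """Bad guesses arrive for every known username, then the real owners log in."""
    now = [0.0]                                   # constructed fake clock
    throttle = LoginThrottle(max_failures, lockout_seconds, clock=lambda: now[0])
    for name in usernames:
        for _ in range(max_failures):
            throttle.attempt(name, password_ok=False)
    now[0] += 1                                   # owners try one second later
    during = {n: throttle.attempt(n, password_ok=True) for n in usernames}
    now[0] += lockout_seconds                     # window has expired
    after = {n: throttle.attempt(n, password_ok=True) for n in usernames}
    return during, after


if __name__ == "__main__":
    # Constructed sample addresses, not taken from the thread.
    print(simulate(["alice@example.org", "bob@example.org"]))
```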

