On 09/06/2011 02:50 PM, Sanne Grinovero wrote:
>>
>> Depending on your needs it might not suit you: LIRS provides a
>> bounded container, so it might drop some values even if the timeout
>> was not reached.
>
> Thanks Sanne, that is probably not going to meet what I need - one thing I
> am looking at is better tracking of failed authentication attempts so I
> wouldn't want someone to be able to force an item out by causing additional
> entries to be added.
>
I really don't know about your plans, but having a limit on the number
of entries the cache will be able to hold is generally a good idea.
Yes, in that case I would probably look at an option to just stop
accepting remote connection attempts if it appears the server is really
under attack - I will start a separate discussion on how people believe
that should behave.
A malicious user could otherwise find a pattern to fill the memory of
the AS by sending the appropriate (failing) authentication attempts,
maybe from multiple users.
Sanne
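The eviction concern raised in this thread, as an added worked example that is not code from the original messages nor from JBoss AS or Infinispan: a failed-login counter kept in a bounded, evicting cache can be flushed by an attacker who simply creates enough other entries, whereas a tracker that refuses new principals once it is full (the "stop accepting connection attempts" option) keeps the existing counters intact. Plain LRU eviction stands in for LIRS here (an assumption; only the fact that the container is bounded and silently drops entries matters), the class and function names are hypothetical, and the usernames and flood size are constructed for the demonstration.

```python
from collections import OrderedDict

LOCKOUT_THRESHOLD = 3  # failures before an account is considered locked


class EvictingFailureTracker:
    """Failed-login counter on top of a bounded cache that evicts under pressure.

    Assumption: LRU eviction stands in for LIRS; the attack only needs the
    container to be bounded and to drop entries when it is full.
    """

    def __init__(self, max_entries):
        self.max_entries = max_entries
        self._failures = OrderedDict()  # user -> failure count, LRU order

    def admit(self, user):
        # An evicting cache never refuses a new key; it makes room by dropping one.
        return True

    def record_failure(self, user):
        count = self._failures.pop(user, 0) + 1
        self._failures[user] = count  # re-insert so this user is most recent
        if len(self._failures) > self.max_entries:
            self._failures.popitem(last=False)  # silently drop least recently used
        return count

    def is_locked(self, user):
        return self._failures.get(user, 0) >= LOCKOUT_THRESHOLD


class FailClosedFailureTracker:
    """Failed-login counter that never evicts: when full, unknown principals are
    refused outright (the server treats itself as under attack) so that
    counters already being tracked cannot be pushed out."""

    def __init__(self, max_entries):
        self.max_entries = max_entries
        self._failures = {}

    def admit(self, user):
        # Known users are always admitted; new users only while there is room.
        return user in self._failures or len(self._failures) < self.max_entries

    def record_failure(self, user):
        if not self.admit(user):
            raise RuntimeError("tracker full; attempt should have been refused")
        self._failures[user] = self._failures.get(user, 0) + 1
        return self._failures[user]

    def is_locked(self, user):
        return self._failures.get(user, 0) >= LOCKOUT_THRESHOLD


def simulate_flood(tracker, victim, n_attacker_names):
    """Lock the victim out, then flood the tracker with distinct bogus usernames.

    Returns (locked_before_flood, locked_after_flood, attempts_refused).
    """
    for _ in range(LOCKOUT_THRESHOLD):
        tracker.record_failure(victim)
    locked_before = tracker.is_locked(victim)

    refused = 0
    for i in range(n_attacker_names):
        name = f"bogus{i}"  # constructed attacker-controlled principal
        if tracker.admit(name):
            tracker.record_failure(name)
        else:
            refused += 1
    return locked_before, tracker.is_locked(victim), refused


if __name__ == "__main__":
    # Constructed scenario: 100-entry tracker, one locked-out victim, 1000 bogus names.
    print("evicting:   ", simulate_flood(EvictingFailureTracker(100), "alice", 1000))
    print("fail-closed:", simulate_flood(FailClosedFailureTracker(100), "alice", 1000))
```

With the evicting tracker the victim's lockout disappears once the attacker has pushed enough other names through the cache; with the fail-closed tracker the lockout survives and the surplus attempts are refused instead. Real deployments also need the timeout the thread mentions, so that entries age out and the table does not stay full forever; that expiry is deliberately left out here to keep the eviction effect isolated.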