On 09/06/2011 02:50 PM, Sanne Grinovero wrote:Yes in that case I would probably look at an option to just stop
>>>
>>> Depending on your needs it might not suite you: LIRS provides a
>>> bounded container, so it might drop some values even if the timeout
>>> was not reached.
>>
>> Thanks Sanne, that is probably not going to meet what I need - one thing I
>> am looking at is better tracking of failed authentication attempts so I
>> wouldn't want someone to be able to force an item out by causing additional
>> entries to be added.
>>
>
> I really don't know about your plans, but having a limit in the amount
> of entries the cache will be able to hold is generally a good idea.
accepting remote connection attempts if it appears the server is really
under attack - I will start a separate discussion on how people believe
that should behave.
> A malicious user could otherwise find a pattern to fill the memory of
> the AS by sending the appropriate (failing) authentication attempts,
> maybe from multiple users.
>
> Sanne
_______________________________________________
jboss-as7-dev mailing list
jboss-as7-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/jboss-as7-dev