Re: [keycloak-dev] Brute force attack protection

Friday, 14 March 2014

The only good way to protect against brute force attacks is CAPTCHA or 
IP Address ACLs.  If you implement a delay, you can just have a 
multi-threaded attack.  If you disable the account after a number of 
failed attempts, then you can have a DoS attack and bring down the whole 
site.

On 3/14/2014 11:49 AM, Bill Burke wrote:
...
 FYI Working on Brute force login attack protection today.  Last
thing
 I'll do until I spend a week on Resteasy.

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

Re: [keycloak-dev] Brute force attack protection