[jboss-as7-dev] A simple timed cache?
Sanne Grinovero
sanne at hibernate.org
Tue Sep 6 09:50:59 EDT 2011
>>
>> Depending on your needs it might not suite you: LIRS provides a
>> bounded container, so it might drop some values even if the timeout
>> was not reached.
>
> Thanks Sanne, that is probably not going to meet what I need - one thing I
> am looking at is better tracking of failed authentication attempts so I
> wouldn't want someone to be able to force an item out by causing additional
> entries to be added.
>
I really don't know about your plans, but having a limit in the amount
of entries the cache will be able to hold is generally a good idea.
A malicious user could otherwise find a pattern to fill the memory of
the AS by sending the appropriate (failing) authentication attempts,
maybe from multiple users.
Sanne
More information about the jboss-as7-dev
mailing list