[jboss-as7-dev] A simple timed cache?
Jason T. Greene
jason.greene at redhat.com
Tue Sep 6 12:41:23 EDT 2011
On 9/6/11 10:54 AM, Darran Lofthouse wrote:
> On 09/06/2011 02:50 PM, Sanne Grinovero wrote:
>>>>
>>>> Depending on your needs it might not suite you: LIRS provides a
>>>> bounded container, so it might drop some values even if the timeout
>>>> was not reached.
>>>
>>> Thanks Sanne, that is probably not going to meet what I need - one thing I
>>> am looking at is better tracking of failed authentication attempts so I
>>> wouldn't want someone to be able to force an item out by causing additional
>>> entries to be added.
>>>
>>
>> I really don't know about your plans, but having a limit in the amount
>> of entries the cache will be able to hold is generally a good idea.
>
> Yes in that case I would probably look at an option to just stop
> accepting remote connection attempts if it appears the server is really
> under attack - I will start a separate discussion on how people believe
> that should behave.
IMO an auth cache should just be an auth cache and not any other thing.
If the goal is to do some additional restrictive failed timeout model,
that should be implemented at the auth plugin or auth system level.
Although there is nothing wrong with the auth cache caching that
information.
For example you could have a "last attempted login" field, which is
stored on the cache but is updated back to the auth system when evicted
using a callback.
--
Jason T. Greene
JBoss AS Lead / EAP Platform Architect
JBoss, a division of Red Hat
More information about the jboss-as7-dev
mailing list