Is there a way to protect login page against a frequent submit?
Ole Ersoy
ole.ersoy at gmail.com
Thu Feb 7 15:26:15 EST 2008
Hi Li,
You can do this with a servlet filter that intercepts cas login requests. You would have to get the principal user, see if they have attempted to login with a specified time period, and redirect them to another page explaining that they have made too many login attempts and that they must wait X minutes before attempting again. I think Geronimo has something like this built in, but I'm still looking around for a standalone implementation.
Cheers,
- Ole
Li Wei Nan wrote:
> Hi Everyone,
>
> Is there a plug-in or something like custom view could be used in
> cas-webapps to protect cas from malicious credential/principal sniffer?
>
> Or maybe there's some configuration I can do in tomcat to achieve
> this goal which I don't know yet?
>
> Thank you for your helps,
>
> Li Wei Nan
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
More information about the cas
mailing list