Is there a way to protect login page against a frequent submit?

??? liweinan at chinaedu.net
Fri Feb 8 00:03:31 EST 2008


Thanks for your advice Ole, I've done some research on Geronimo and it 
seems like overkill to me.
It seems best for me to write a simple filter that uses the session to 
control the attempts.

Thanks,
Li Wei Nan

----- Original Message ----- 
From: "Ole Ersoy" <ole.ersoy at gmail.com>
To: "Yale CAS mailing list" <cas at tp.its.yale.edu>
Sent: Friday, February 08, 2008 4:26 AM
Subject: Re: Is there a way to protect login page against a frequent submit?


> Hi Li,
>
> You can do this with a servlet filter that intercepts CAS login requests. 
> You would have to get the principal user, see if they have attempted to 
> log in within a specified time period, and redirect them to another page 
> explaining that they have made too many login attempts and that they must 
> wait X minutes before attempting again.  I think Geronimo has something 
> like this built in, but I'm still looking around for a standalone 
> implementation.
>
> Cheers,
> - Ole
>
>
>
> Li Wei Nan wrote:
>> Hi Everyone,
>>
>> Is there a plug-in or something like a custom view that could be used in
>> cas-webapps to protect CAS from a malicious credential/principal sniffer?
>>
>> Or maybe there's some configuration I can do in Tomcat to achieve
>> this goal which I don't know about yet?
>>
>> Thank you for your help,
>>
>> Li Wei Nan
>> _______________________________________________
>> Yale CAS mailing list
>> cas at tp.its.yale.edu
>> http://tp.its.yale.edu/mailman/listinfo/cas
>>
> 
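
The servlet filter discussed in this thread, as an added example (not code from either poster or from CAS). It tracks attempts per submitted username on the server rather than in the session, since a client can discard its session cookie; the class name, the `username` form field, the limits and the `/tooManyAttempts.jsp` page are assumptions.

```java
import java.io.IOException;
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.Locale;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Throttles login POSTs: at most MAX_ATTEMPTS per username per WINDOW_MS. */
public class LoginThrottleFilter implements Filter {
    // Assumed values; tune for the deployment.
    private static final int MAX_ATTEMPTS = 5;
    private static final long WINDOW_MS = 10 * 60 * 1000L;
    private static final String BLOCKED_PAGE = "/tooManyAttempts.jsp"; // hypothetical page
    // username -> timestamps of recent attempts, held server-side
    private final ConcurrentHashMap<String, Deque<Long>> attempts = new ConcurrentHashMap<>();

    public void init(FilterConfig config) {}
    public void destroy() {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        String user = request.getParameter("username"); // assumed login form field name
        // Every submission counts, because the outcome is not known before the chain runs.
        if ("POST".equalsIgnoreCase(request.getMethod()) && user != null
                && !allow(user.trim().toLowerCase(Locale.ROOT), System.currentTimeMillis())) {
            ((HttpServletResponse) res).sendRedirect(request.getContextPath() + BLOCKED_PAGE);
            return;
        }
        chain.doFilter(req, res);
    }

    /** Records one attempt; returns false once the window already holds MAX_ATTEMPTS. */
    boolean allow(String user, long now) {
        Deque<Long> recent = attempts.computeIfAbsent(user, k -> new ArrayDeque<>());
        synchronized (recent) {
            // Drop timestamps that have aged out of the sliding window.
            while (!recent.isEmpty() && now - recent.peekFirst() > WINDOW_MS) {
                recent.pollFirst();
            }
            if (recent.size() >= MAX_ATTEMPTS) {
                return false;
            }
            recent.addLast(now);
            return true;
        }
    }
}
```

Keying on the username means anyone who submits a user's name repeatedly can delay that user's login for the window, and the map grows with every distinct username seen, so bound or expire its entries before relying on it.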



