Hi,
We are entering a username with different passwords, but the account is
still not getting locked out. And from the change in response length, we are
able to know that the password is correct. So an attacker can launch an
automated brute-force attack on the "user login" page to gain privileged
access to the users of the application.
Kindly suggest how to implement No "Account Lockout" policy for the login page
of the user in Apache Tomcat, or by any other way, or how to implement CAPTCHA
in the login page for validating the user credential values?
Software used:
Web server: Apache Tomcat 8.0.44
Java: JRE 1.8.0_131
GeoServer: GeoServer version 2.11.1 Web Archive (war) for servlet containers