Date:      Fri, 02 Apr 1999 02:17:45 +1200
From:      Andrew McNaughton <andrew@squiz.co.nz>
To:        "Song, Bo Run" <song@www3.nn.gx.cn>
Cc:        freebsd-isp@FreeBSD.ORG
Subject:   Re: Web Based Script 
Message-ID:  <199904011417.CAA03157@aniwa.sky>
In-Reply-To: Your message of "Tue, 30 Mar 1999 17:00:13 +0800." <Pine.BSF.3.96.990330164111.29578B-100000@www3.nn.gx.cn>

> 
> I had written a PHP3 Radius authentication function. It can be used to  
> do user authentication. Combined with a detail-to-Mysql perl script (
> run in crontab), we used it to provide a web interface of customer
> usage query.
> 
> To prevent password guessing attack, a sleep() should be put into
> the PHP3 script.

This assumes that the password attack script makes attacks in series.  If it runs multiple queries in parallel, then your sleep() function will not slow them down much, but will increase the impact on your server of running a lot of CGI calls in a short space of time.  It's analogous to attacks on sendmail using RCPT to check for valid mail addresses.  See bugtraq articles last month for that discussion.

Andrew McNaughton





-- 
-----------
Andrew McNaughton
andrew@squiz.co.nz
http://www.newsroom.co.nz/
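
The point made in the reply above, as an added example that is not part of the original message: a deterministic simulation (integer milliseconds, no real sleeping) that compares a per-request sleep() with a failure counter kept per account and shared by all connections. The per-account counter is not proposed in the thread; it, the 100 ms authentication time, the 2 s sleep, the 5-failure/300 s lock and every name in the code are assumptions made for illustration.

```python
import heapq

class AccountThrottle:
    """Failure counter keyed by account, shared by every connection (assumed design)."""
    def __init__(self, max_failures=5, lock_ms=300_000):
        self.max_failures, self.lock_ms = max_failures, lock_ms
        self.failures = {}       # user -> failures since the last lock
        self.locked_until = {}   # user -> time (ms) at which the lock expires

    def allow(self, user, now_ms):
        return now_ms >= self.locked_until.get(user, 0)

    def record_failure(self, user, now_ms):
        n = self.failures.get(user, 0) + 1
        if n >= self.max_failures:
            self.locked_until[user] = now_ms + self.lock_ms
            n = 0
        self.failures[user] = n

def simulate(workers, window_ms=60_000, sleep_ms=0, throttle=None,
             auth_ms=100, user="alice"):
    """Return (password checks performed, total ms server processes spent in sleep).

    Every worker sends its next wrong guess as soon as the previous reply arrives.
    Check-and-record is atomic here; a real counter needs the same guarantee.
    """
    queue = [(0, w) for w in range(workers)]   # (request start in ms, worker id)
    heapq.heapify(queue)
    checks = slept_ms = 0
    while queue:
        t, w = heapq.heappop(queue)
        if t >= window_ms:
            continue                              # outside the measured window
        if throttle is not None and not throttle.allow(user, t):
            heapq.heappush(queue, (t + 1000, w))  # refused before any check; retry in 1 s
            continue
        checks += 1
        if throttle is not None:
            throttle.record_failure(user, t)
        slept_ms += sleep_ms                      # a server process is held for the sleep
        heapq.heappush(queue, (t + auth_ms + sleep_ms, w))
    return checks, slept_ms

if __name__ == "__main__":
    print("serial, no sleep      ", simulate(1))
    print("serial, sleep 2 s     ", simulate(1, sleep_ms=2000))
    print("50 parallel, sleep 2 s", simulate(50, sleep_ms=2000))
    print("50 parallel, throttle ", simulate(50, throttle=AccountThrottle()))
```

In this model the sleep cuts a serial client from 600 to 29 checks per minute, while 50 parallel connections still get 1450 checks and keep server processes sleeping for 2900 process-seconds in that minute; the shared counter allows 5 checks regardless of connection count.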







