bob 001 wrote: > >Do we have any setting where we can set maximum retries for wrong >password before it locks the account or something like that?
No >isn't it otherwise easily breakable via bots by trying different >passwords to the same web url. It depends on the strength of the password. Consider a password consisting of 10 randomly chosen upper/lower case letters and digits. There are over 8 * 10^17 such passwords. On average random guessing requires 4 * 10^17 guesses. Even if the round trip web response time is 1 msec, and it's probably much longer that that, it takes 4 * 10^14 seconds or over 12 million years to try that many guesses. And, if someone is hitting your server that hard, you'd probably notice. And what's the payoff for cracking a list password? Maybe the ability to send one large blast of spam before the list is shut down. >How'z experts here controlling this piece of security? By using strong passwords. -- Mark Sapiro <[email protected]> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan ------------------------------------------------------ Mailman-Users mailing list [email protected] http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
