RE: Thread.sleep() for only one session

2008-12-05 Thread Hoover, William
To: users@wicket.apache.org Subject: Re: Thread.sleep() for only one session You definitely do NOT want to intentionally sleep a thread - that halts the request, and uses up your thread pool. You instead want the request to complete, but you don't want to allow them to continue trying. So,

Re: Thread.sleep() for only one session

2008-12-05 Thread James Carman
; Indeed. > > > -Original Message- > From: James Carman [mailto:[EMAIL PROTECTED] > Sent: Friday, December 05, 2008 3:52 PM > To: users@wicket.apache.org > Subject: Re: Thread.sleep() for only one session > > > But, if you only show the captcha after so many fa

RE: Thread.sleep() for only one session

2008-12-05 Thread Bruno Cesar Borges
Indeed. -Original Message- From: James Carman [mailto:[EMAIL PROTECTED] Sent: Friday, December 05, 2008 3:52 PM To: users@wicket.apache.org Subject: Re: Thread.sleep() for only one session But, if you only show the captcha after so many failed logins, wouldn't that be okay? Yo

Re: Thread.sleep() for only one session

2008-12-05 Thread James Carman
t; > :-) > > -Original Message- > From: Maarten Bosteels [mailto:[EMAIL PROTECTED] > Sent: Friday, December 05, 2008 3:37 PM > To: users@wicket.apache.org > Subject: Re: Thread.sleep() for only one session > > > If you're trying to defend against a br

RE: Thread.sleep() for only one session

2008-12-05 Thread Bruno Cesar Borges
om: Maarten Bosteels [mailto:[EMAIL PROTECTED] Sent: Friday, December 05, 2008 3:37 PM To: users@wicket.apache.org Subject: Re: Thread.sleep() for only one session If you're trying to defend against a brute-force password guessing attack, you could add a captcha to your logon form after x f

Re: Thread.sleep() for only one session

2008-12-05 Thread Anton Veretennikov
Thank you for valuable information! Tony. On Sat, Dec 6, 2008 at 12:36 AM, Maarten Bosteels <[EMAIL PROTECTED]> wrote: > If you're trying to defend against a brute-force password guessing attack, > you could add a captcha to your logon form after x failed login attempts > from one IP address. > >

Re: Thread.sleep() for only one session

2008-12-05 Thread Maarten Bosteels
If you're trying to defend against a brute-force password guessing attack, you could add a captcha to your logon form after x failed login attempts from one IP address. Maarten On Fri, Dec 5, 2008 at 5:20 PM, Jeremy Thomerson <[EMAIL PROTECTED]>wrote: > You definitely do NOT want to intentionall

Re: Thread.sleep() for only one session

2008-12-05 Thread Jeremy Thomerson
You definitely do NOT want to intentionally sleep a thread - that halts the request, and uses up your thread pool. You instead want the request to complete, but you don't want to allow them to continue trying. So, that being said, you could: 1 - add a value to their session like "private long bl