To: users@wicket.apache.org
Subject: Re: Thread.sleep() for only one session
You definitely do NOT want to intentionally sleep a thread - that halts
the request, and uses up your thread pool. You instead want the request
to complete, but you don't want to allow them to continue trying. So,
; Indeed.
>
>
> -Original Message-
> From: James Carman [mailto:[EMAIL PROTECTED]
> Sent: Friday, December 05, 2008 3:52 PM
> To: users@wicket.apache.org
> Subject: Re: Thread.sleep() for only one session
>
>
> But, if you only show the captcha after so many fa
Indeed.
-Original Message-
From: James Carman [mailto:[EMAIL PROTECTED]
Sent: Friday, December 05, 2008 3:52 PM
To: users@wicket.apache.org
Subject: Re: Thread.sleep() for only one session
But, if you only show the captcha after so many failed logins, wouldn't that
be okay? Yo
t;
> :-)
>
> -Original Message-
> From: Maarten Bosteels [mailto:[EMAIL PROTECTED]
> Sent: Friday, December 05, 2008 3:37 PM
> To: users@wicket.apache.org
> Subject: Re: Thread.sleep() for only one session
>
>
> If you're trying to defend against a br
om: Maarten Bosteels [mailto:[EMAIL PROTECTED]
Sent: Friday, December 05, 2008 3:37 PM
To: users@wicket.apache.org
Subject: Re: Thread.sleep() for only one session
If you're trying to defend against a brute-force password guessing attack,
you could add a captcha to your logon form after x f
Thank you for valuable information!
Tony.
On Sat, Dec 6, 2008 at 12:36 AM, Maarten Bosteels
<[EMAIL PROTECTED]> wrote:
> If you're trying to defend against a brute-force password guessing attack,
> you could add a captcha to your logon form after x failed login attempts
> from one IP address.
>
>
If you're trying to defend against a brute-force password guessing attack,
you could add a captcha to your logon form after x failed login attempts
from one IP address.
Maarten
On Fri, Dec 5, 2008 at 5:20 PM, Jeremy Thomerson
<[EMAIL PROTECTED]>wrote:
> You definitely do NOT want to intentionall
You definitely do NOT want to intentionally sleep a thread - that halts the
request, and uses up your thread pool. You instead want the request to
complete, but you don't want to allow them to continue trying. So, that
being said, you could:
1 - add a value to their session like "private long bl