Hi Martin, If you mean some kind of rate-limiting for authentication requests, no (though that's a neat idea). The next release of couchdb brings PBKDF2 as an enhancement to the SHA1 passwords hashes. This brings a configurable work factor which effectively limits the rate of authentication (at a cpu cost). It would be simple to impose a fixed and configurable delay to authenticating on top of that, though.
B. On 11 Jul 2012, at 14:22, Martin Hewitt wrote: > Hi all, > > When using require_valid_user, does CouchDB have any built-in brute force > protection or should I be looking at an external way of preventing such > attacks? > > Thanks, > > Martin
