I'm trying to determine the ramifications of putting a Thread.sleep(...) call in a Struts action - i.e. since only one instance of the action is created by the server, even though Tomcat is multi-threaded, would/could an invalid login by one user hinder a valid login by another user?

Basically, I'm doing a database lookup based on login parameters before the user is actually authenticated because the type of authentication depends on one of their login parameters.

Our login page performs a POST to authenticate and I'd like to put in a delay when a login failure occurs so that it hinders/frustrates any malicious users and any scripts they might be running. I realize this isn't a foolproof solution but since the user isn't authenticated yet, I don't have a ton of options. One other thing we'll probably be doing is session validation/invalidation.

If anyone has any other ideas or knows the answer to my question please let me know. Thanks.

--adam

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to