I'm trying to determine the ramifications of putting a Thread.sleep(...)
call in a Struts action - i.e. since only one instance of the action is
created by the server, even though Tomcat is multi-threaded, would/could
an invalid login by one user hinder a valid login by another user?
Basically, I'm doing a database lookup based on login parameters before
the user is actually authenticated because the type of authentication
depends on one of their login parameters.
Our login page performs a POST to authenticate and I'd like to put in a
delay when a login failure occurs so that it hinders/frustrates any
malicious users and any scripts they might be running. I realize this
isn't a foolproof solution but since the user isn't authenticated yet, I
don't have a ton of options. One other thing we'll probably be doing is
session validation/invalidation.
If anyone has any other ideas or knows the answer to my question please
let me know. Thanks.
--adam
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
