One thought on “On FAILED_LOGIN_ATTEMPTS”

  1. How long would it take for a java routine to make 1000 intentionally failed attempts to log in ? A few minutes ?

    If you want to prevent a targeted DoS then you need to leave it unlimited.

    But also test what your application does if it hits an invalid password error on connection. Perhaps it retries, either intentionally or because it calls some error logging routine that tries to log the error in a table which needs a db connection…

Leave a Reply

Your email address will not be published.


*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>