  1. How long would it take for a Java routine to make 1000 intentionally failed attempts to log in? A few minutes?

    If you want to prevent a targeted DoS then you need to leave it unlimited.

    But also test what your application does if it hits an invalid password error on connection. Perhaps it retries, either intentionally or because it calls some error logging routine that tries to log the error in a table which needs a db connection…
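
The retry behaviour the comment suggests testing, as an added simulation that is not part of the original comment: a client that retries and logs errors through a new database connection is compared with one that treats a bad password as fatal. `FakeDatabase`, both clients, the exception classes and the lockout limit are hypothetical stand-ins, not any real driver's API.

```python
class AuthError(Exception):
    """Constructed stand-in for a driver's invalid-password error."""

class LockedError(Exception):
    """Constructed stand-in for an account-locked error."""

class FakeDatabase:
    """Toy server: locks the account after `limit` failed logins."""
    def __init__(self, password, limit):
        self.password, self.limit = password, limit
        self.failures = 0
        self.locked = False

    def connect(self, password):
        if self.locked:
            raise LockedError("account locked")
        if password != self.password:
            self.failures += 1
            self.locked = self.failures >= self.limit
            raise AuthError("invalid password")
        self.failures = 0
        return "session"

def naive_client(db, password, retries=3):
    """Retries every error and logs each one to a table over a new connection."""
    for _ in range(retries):
        try:
            return db.connect(password)
        except (AuthError, LockedError):
            try:
                db.connect(password)  # error logger opening its own DB connection
            except (AuthError, LockedError):
                pass  # the logging attempt fails for the same reason
    return None

def careful_client(db, password, local_log):
    """Treats a credential failure as fatal: one attempt, recorded locally."""
    try:
        return db.connect(password)
    except (AuthError, LockedError) as exc:
        local_log.append(str(exc))  # no database needed to record the failure
        return None

def failures_after(client, limit=1000, **kwargs):
    """Run one login with a stale password; return (failed attempts, locked?)."""
    db = FakeDatabase(password="correct", limit=limit)
    client(db, "stale", **kwargs)
    return db.failures, db.locked
```

With a constructed limit of 5, a single stale password in the naive client is enough to lock the account, while the careful client costs one failed attempt.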

