You are viewing a plain text version of this content. The canonical link for it is here.

Posted to apache-bugdb@apache.org by Matthew Ford <Ma...@cww.octec.org.au> on 1997/02/28 03:50:01 UTC

mod_auth-any/209: No delay in request for retry of Authentication on failuer

>Number:         209
>Category:       mod_auth-any
>Synopsis:       No delay in request for retry of Authentication on failuer
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    apache (Apache HTTP Project)
>State:          open
>Class:          change-request
>Submitter-Id:   apache
>Arrival-Date:   Thu Feb 27 18:50:01 1997
>Originator:     Matthew.Ford@cww.octec.org.au
>Organization:
apache
>Release:        1.1.1
>Environment:
Pre compiled binaries for Solarisx86
>Description:
It appears that you get the retry option immeadiately after a user/password
authentication failure.  In our system where the users actual password is used
in this this file, this immeadiate retry leaves the system open to multiple retry
of password attach, possiable automationed via Java/C etc in the client.

>How-To-Repeat:
Try it on Netscape V3.0 Gold
>Fix:
Can you please put a 5 sec delay before returning a failed response to the web
browser
>Audit-Trail:
>Unformatted: