Re: Server side delay for bad passwords?
Pierangelo Masarati wrote:
Given the current implementation, the delay will keep a thread busy for
its duration. Your server, under attack, would quickly become
unresponsive for any user. Probably, your case should be handled
separately, e.g. by writing an overlay that registers a delay for a
given connection and quickly releases the operation, and a background
thread that wakes up when it's time to return errors after the delay.
Nothing dramatic, but definitely needs some development.

A bit trickier than that; it should not immediately release the operation
either. Otherwise you can build up quite a long queue of pending Bind
responses if they submit multiple Bind requests blindly. I.e., you also need
to prevent the connection from accepting more operations while a delay is in
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
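
The two designs discussed in this thread, compared in a toy simulation. This is an added example, not OpenLDAP/slapd code and not from either poster; the class and function names are hypothetical, and time is a simulated integer clock.

```python
import heapq
from collections import defaultdict, deque

class DelayedBindModel:
    """Toy model: a timer answers failed Binds after `delay`; no thread sleeps."""
    def __init__(self, delay, pause_reads):
        self.delay = delay
        self.pause_reads = pause_reads    # True: also stop reading the connection
        self.timers = []                  # min-heap of (due_time, seq, conn)
        self.paused = set()               # connections with a delay in progress
        self.unread = defaultdict(deque)  # requests left unread on the socket
        self.sent = []                    # (time, conn, result) responses
        self.max_pending = 0              # high-water mark of queued responses
        self.seq = 0

    def receive(self, now, conn, password_ok):
        # Client sends a Bind on `conn` at time `now`.
        if self.pause_reads and conn in self.paused:
            self.unread[conn].append(password_ok)  # not read until delay ends
            return
        self._process(now, conn, password_ok)

    def _process(self, now, conn, password_ok):
        if password_ok:
            self.sent.append((now, conn, "success"))
            return
        self.seq += 1
        heapq.heappush(self.timers, (now + self.delay, self.seq, conn))
        self.paused.add(conn)
        self.max_pending = max(self.max_pending, len(self.timers))

    def tick(self, now):
        # Background timer: send overdue errors, then resume the connection.
        while self.timers and self.timers[0][0] <= now:
            due, _, conn = heapq.heappop(self.timers)
            self.sent.append((due, conn, "invalidCredentials"))
            if not any(c == conn for _, _, c in self.timers):
                self.paused.discard(conn)
            while conn not in self.paused and self.unread[conn]:
                self._process(due, conn, self.unread[conn].popleft())

def blind_flood(pause_reads, n=100, delay=2):
    # One client submits n bad Binds at t=0 without waiting for replies.
    m = DelayedBindModel(delay, pause_reads)
    for _ in range(n):
        m.receive(0, "c1", False)
    for t in range(1, n * delay + 1):
        m.tick(t)
    return m.max_pending, m.sent[-1][0]
```

`blind_flood` returns the peak number of queued responses and the time of the last reply, so the two settings of `pause_reads` can be compared directly.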