
How to create n-second delay in .jsp ?

 
John Sisco
Greenhorn
Posts: 8
Hello all,

I have a .jsp login page for my application and want to create n-second delay if the entered username/password is incorrect in order to make brute-forcing/hammering more difficult. How can this be done?

And generally speaking about web application security: is it the right approach to handle user authentication via sessions, or are there any security issues there? Meaning that, when the user logs in, a session is created and this session is checked in every .jsp page. And if it's not valid, the user is forwarded back to the login page.

Thanks for help.

- John
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 64613
Creating a delay in the request/response cycle is a poor idea. Rather, handle this on the server end by keeping track of failed logins and ignoring repeated requests for the same login name.

Using sessions is a good way to keep track of authenticated logins. But checking on each JSP page is not. I'd either check it in the servlet controller for the page (you are using a Model 2 architecture, right?) or better yet, institute a servlet filter that does this checking for you.
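
The server-side tracking suggested in the reply above could look like the following. This is an added example, not code from either poster; the class name `FailedLoginTracker`, the threshold of 3 failures and the 5-minute lockout are assumptions chosen for illustration.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.Locale;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical helper (not from the thread): per-login-name failure tracking.
public class FailedLoginTracker {
    private static final class Entry {
        final int failures;
        final Instant lockedUntil; // null while the name is not locked
        Entry(int f, Instant until) { failures = f; lockedUntil = until; }
    }

    // Keys are attacker-supplied; a real deployment should also evict stale entries.
    private final ConcurrentHashMap<String, Entry> entries = new ConcurrentHashMap<>();
    private final int maxFailures;
    private final Duration lockout;

    public FailedLoginTracker(int maxFailures, Duration lockout) {
        this.maxFailures = maxFailures;
        this.lockout = lockout;
    }

    // Normalize so "John" and " john " share one counter.
    private static String key(String name) { return name.trim().toLowerCase(Locale.ROOT); }

    // Call before checking the password; when true, ignore the request.
    public boolean isLocked(String name, Instant now) {
        Entry e = entries.get(key(name));
        return e != null && e.lockedUntil != null && now.isBefore(e.lockedUntil);
    }

    // Call after a wrong password; compute() is atomic per key, so parallel
    // requests for the same name cannot undercount.
    public void recordFailure(String name, Instant now) {
        entries.compute(key(name), (k, old) -> {
            boolean expired = old != null && old.lockedUntil != null && !now.isBefore(old.lockedUntil);
            int n = (old == null || expired) ? 1 : old.failures + 1;
            return new Entry(n, n >= maxFailures ? now.plus(lockout) : null);
        });
    }

    // Call after a successful login to clear the counter.
    public void recordSuccess(String name) { entries.remove(key(name)); }

    public static void main(String[] args) { // constructed demo values
        FailedLoginTracker t = new FailedLoginTracker(3, Duration.ofMinutes(5));
        Instant t0 = Instant.parse("2024-01-01T00:00:00Z");
        for (int i = 0; i < 3; i++) t.recordFailure("John", t0.plusSeconds(i));
        System.out.println(t.isLocked("john", t0.plusSeconds(10)));  // inside the lockout window
        System.out.println(t.isLocked("john", t0.plusSeconds(600))); // after the window has passed
    }
}
```

The login servlet would call `isLocked` first and return the same generic failure response whether the name is locked or the password is wrong, so no request thread is ever held open to create a delay.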
 