• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Bear Bibeault
  • Ron McLeod
  • Jeanne Boyarsky
  • Paul Clapham
Sheriffs:
  • Tim Cooke
  • Liutauras Vilda
  • Junilu Lacar
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • fred rosenberger
  • salvin francis
Bartenders:
  • Piet Souris
  • Frits Walraven
  • Carey Brown

How to create n-second delay in .jsp ?

 
Greenhorn
Posts: 8
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello all,

I have a .jsp login page for my application and want to create n-second delay if the entered username/password is incorrect in order to make bruteforcing/hammering more difficult. How can this be done ?

And generally speaking about web application security; is it the right approarch to handle user authentications via sessions or is there any security issues there ? Meaning that, when user logs in, a session is created and this session is checked in every .jsp page. And if it's not valid, user is forwarded back to login-page.

Thanks for help.

- John
 
Marshal
Posts: 67420
173
Mac Mac OS X IntelliJ IDE jQuery Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Creating a delay in the request/response cycle is a poor idea. Rather, handle this on the server end by keeping track of failed logins and ignoring repeated requests for the same login name.

Using sessions is a good way to keep track of authenticated logins. But checking on each JSP page is not. I'd either check it in the servlet controller for the page (you are using a Model 2 architecture, right?) or better yet, institute a servlet filter that does this checking for you.
 
No holds barred. And no bars holed. Except this tiny ad:
Thread Boost feature
https://coderanch.com/t/674455/Thread-Boost-feature
    Bookmark Topic Watch Topic
  • New Topic