[LON-CAPA-cvs] cvs: loncom /auth lonauth.pm
bisitz
lon-capa-cvs-allow@mail.lon-capa.org
Wed, 01 Oct 2008 11:11:08 -0000
bisitz Wed Oct 1 07:11:08 2008 EDT
Modified files:
/loncom/auth lonauth.pm
Log:
Optimizations for authentication failure:
- Added 1-second break as a brute force counteraction
- Added warning style to failed messages
Index: loncom/auth/lonauth.pm
diff -u loncom/auth/lonauth.pm:1.94 loncom/auth/lonauth.pm:1.95
--- loncom/auth/lonauth.pm:1.94 Sat Jul 12 20:51:31 2008
+++ loncom/auth/lonauth.pm Wed Oct 1 07:11:08 2008
@@ -1,7 +1,7 @@
# The LearningOnline Network
# User Authentication Module
#
-# $Id: lonauth.pm,v 1.94 2008/07/13 00:51:31 raeburn Exp $
+# $Id: lonauth.pm,v 1.95 2008/10/01 11:11:08 bisitz Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -122,11 +122,12 @@
{'no_inline_link' => 1,});
my $end_page = &Apache::loncommon::end_page();
&Apache::loncommon::content_type($r,'text/html');
+ sleep 1; # brute force counteraction: slow down attackers, which try to hack user authentication with automated scripts
$r->send_http_header;
$r->print(
$start_page
.'<h1>'.&mt('Sorry ...').'</h1>'
- .'<p><b>'.&mt($message).'</b></p>'
+ .'<p class="LC_warning">'.&mt($message).'</p>'
.'<p>'.&mt('Please [_1]log in again[_2].'
,"<a href=\"/adm/login?username=$form->{'uname'}&domain=$form->{'udom'}\">",'</a>')
.'</p>'
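Review bot: the `sleep 1` added before `$r->send_http_header` is a fixed, unconditional delay inside the failure handler, so every failed login holds the process serving that request for a second, while a client that sends its attempts in parallel is slowed very little. Nothing in the visible lines counts failures per username or per source address; consider tracking those and applying an increasing delay or a temporary lockout past a threshold, so the cost lands on the repeated guesser rather than on the server. The trailing comment on that line is long enough to read better on its own line above the call. Separately, in the unchanged context the login link interpolates `$form->{'uname'}` and `$form->{'udom'}` directly into the `href` with no escaping visible here; since this block is being edited anyway, those values should be URL-encoded and HTML-escaped before they are printed.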