Win a copy of Machine Learning Systems: Designs that scale this week in the Scala forum
or Xamarin in Action: Creating native cross-platform mobile apps in the Android forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

How to create n-second delay in .jsp ?  RSS feed

 
Greenhorn
Posts: 8
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello all,

I have a .jsp login page for my application and want to create n-second delay if the entered username/password is incorrect in order to make bruteforcing/hammering more difficult. How can this be done ?

And generally speaking about web application security; is it the right approarch to handle user authentications via sessions or is there any security issues there ? Meaning that, when user logs in, a session is created and this session is checked in every .jsp page. And if it's not valid, user is forwarded back to login-page.

Thanks for help.

- John
 
Author and ninkuma
Marshal
Posts: 66678
167
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Creating a delay in the request/response cycle is a poor idea. Rather, handle this on the server end by keeping track of failed logins and ignoring repeated requests for the same login name.

Using sessions is a good way to keep track of authenticated logins. But checking on each JSP page is not. I'd either check it in the servlet controller for the page (you are using a Model 2 architecture, right?) or better yet, institute a servlet filter that does this checking for you.
 
Forget this weirdo. You guys wanna see something really neat? I just have to take off my shoe .... (hint: it's a tiny ad)
Rocket Oven Kickstarter - from the trailboss
https://coderanch.com/t/695773/Rocket-Oven-Kickstarter-trailboss
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!