WebApp Sec mailing list archives
Re: User ID generation
From: "Paul M." <gpmidi () gmail com>
Date: Mon, 18 Apr 2005 03:15:05 +0000
After the first or second attempt require the user to enter some random letters that appear in a graphic. Try www.gmail.com. After a few bad logins it makes you enter letters from a graphic. That will keep bots from retrying without human intervention. ~Paul On 4/12/05, Jason binger <cisspstudy () yahoo com> wrote:
I have a customer that generates UserIDs as numbers sequentially for a critical application. They implement account lockout and I am concerned that someone could launch a DOS and lockout all the user accounts. What would people recommend for a user ID generation method. I was thinking UserIDs should be randomly generated from a large alpha-numeric keyspace, but how big should the keyspace be? What would the size of the keyspace need to be if it was only numeric? Any other thoughts appreciated. Cheers, __________________________________ Do you Yahoo!? Yahoo! Small Business - Try our new resources site! http://smallbusiness.yahoo.com/resources/
Current thread:
- User ID generation Jason binger (Apr 13)
- RE: User ID generation Andrew van der Stock (Apr 13)
- RE: User ID generation Thomas Ng (Apr 13)
- Re: User ID generation Scovetta Labs (Apr 13)
- Re: User ID generation Andi McLean (Apr 14)
- Re: User ID generation Adam K (Apr 18)
- Re: User ID generation Scovetta Labs (Apr 18)
- Re: User ID generation Andi McLean (Apr 14)
- Re: User ID generation Paul M. (Apr 18)
- <Possible follow-ups>
- RE: User ID generation Murtland, Jerry (Apr 18)
- Re: User ID generation Andi McLean (Apr 18)
- Re: User ID generation Lucas Holt (Apr 20)
- Re: User ID generation Andi McLean (Apr 18)
- RE: User ID generation Andrew van der Stock (Apr 13)