NiL
Dec 2, 2011, 2:41:34 PM
to turbo...@googlegroups.com
Hi again :)
I'm wondering about a use case like this:
some hacker is repeatedly trying to enter my app (wrapped in repoze.who as WSGI)
obviously my app will return a 401 or 403 response code
at this point the repoze.who egress runs several plugins, challenge deciders of course
what I'm considering is implementing a custom challenge decider:
create a special table, let's call it 'abuse' (user_name, bad_credential_count)
if I'm called, I create an entry in abuse and set bad_credential_count to 1 (resp. +1 if already there)
then in the authenticator counterpart,
if the password matches: delete the entry in abuse
if bad_credential_count > some_setting => 500 or reroute to FBI or send Nagios a warning... whatever
Is it sound? Am I paranoid?
Would it be useful?
regards
NiL
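
The scheme described in the post above, as an added sketch that is not part of the original message or of repoze.who itself. It follows the call signatures repoze.who uses for authenticators (`authenticate(environ, identity)`) and challenge deciders (`(environ, status, headers)`); the dict standing in for the 'abuse' table, the `abuse.*` environ keys, `MAX_BAD` and the `on_abuse` callback are assumptions.

```python
# Added sketch. A plain dict {user_name: bad_credential_count} stands in
# for the post's 'abuse' table; key names and MAX_BAD are assumptions.
MAX_BAD = 3                             # the post's "some_setting"
ATTEMPT_KEY = "abuse.attempted_login"   # hypothetical environ key
LOCKED_KEY = "abuse.locked"             # hypothetical environ key


class CountingAuthenticator:
    """Wraps any object exposing authenticate(environ, identity)."""

    def __init__(self, inner, abuse, on_abuse=lambda login, count: None):
        self.inner, self.abuse, self.on_abuse = inner, abuse, on_abuse

    def authenticate(self, environ, identity):
        login = identity.get("login")
        if login is None:
            return None
        count = self.abuse.get(login, 0)
        if count > MAX_BAD:
            # Over the limit: refuse without checking the password and alert.
            environ[LOCKED_KEY] = True
            self.on_abuse(login, count)
            return None
        userid = self.inner.authenticate(environ, identity)
        if userid is None:
            environ[ATTEMPT_KEY] = login   # hand the login to the decider
        else:
            self.abuse.pop(login, None)    # password matched: delete the entry
        return userid


def make_challenge_decider(abuse):
    """Build a decider with the (environ, status, headers) signature."""
    def decider(environ, status, headers):
        challenge = status.startswith("401 ")
        login = environ.pop(ATTEMPT_KEY, None)
        if challenge and login is not None:
            abuse[login] = abuse.get(login, 0) + 1   # create the row or add 1
        return challenge
    return decider
```

As written, entries never expire and the counter is keyed on user name only, so anyone who knows a login can lock its owner out; adding a timestamp column for expiry and counting per source address as well limits that.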