Brute Force Attack


#1

What security features do you have to stop a brute force attempt at user sign-in?

Couldn’t someone just write a continuous login script to attempt all combinations of a password?


#2

Hi Charles,

Our enterprise product is used for production deployments and offers enhanced security

You could use that to (1) identify abused user accounts with the reporting features and (2) place API limits on that user or instance

You could do some things with server side scripting and the 2.0 open source product. For example counting user login attempts and implementing progressive delays or account lockout

a simple solution is enforcing strong passwords in the signup process


#3

Charles,
Have you thought about using a product like fail2ban to slowdown brute force attacks like this based on Apache logs? You could add something like this in front of DreamFactory and as Bill suggested, implement DreamFactory Enterprise to place an additional speed bump before someone gets into your backend.

My two cents.

Sridhar