10 Dec
2004
10 Dec
'04
7:17 a.m.
On Thu, 9 Dec 2004, Ben Beuchler wrote:
On Thu, Dec 09, 2004 at 09:20:21PM +0000, Paul Reilly wrote:
Then again, the convention net.wisdom at least -used- to be that this was a bad idea, because it became an easy DOS attack.
I take your point. But at the same time if there's no lockout mechanism a brute force attack will eventually guess the passwords.
Tarpitting seems like a good approach, here.
I was just about to mail the same. That might be a nice post-1.0 feature. Especially if more software will use dovecot for authentication.