[TYPO3-core] Remove/Reduce forced delay on failed BE logins
Steffen Müller
typo3 at t3node.com
Fri May 10 17:12:17 CEST 2013
Hi.
There is a delay of 5 seconds when the BE login fails.
LoginController::checkRedirect()
...
sleep(5);
...
http://forge.typo3.org/projects/typo3v4-core/repository/revisions/master/entry/typo3/sysext/backend/Classes/Controller/LoginController.php#L417
I'd like to get rid of that or reduce the number of seconds, because
a) IMHO waiting 5 seconds reduces usability
b) Test automation heavily slows down.
I know it is meant to slow down brute force attacks, but one could still
drive multiple attempts in parallel.
What's your opinion?
What do you think about the trade-off between security and
usability/testability?
--
cheers,
Steffen
TYPO3 Blog: http://www.t3node.com/
Twitter: @t3node - http://twitter.com/t3node
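Added example, not part of the message above and not TYPO3 code: a per-account failure counter as one alternative to the fixed sleep(5), run against a constructed burst of parallel failed logins. The class name, the limits (5 failures per 300 seconds) and the in-memory array are assumptions for illustration; a real deployment would keep the counters in storage shared between requests.

```php
<?php
declare(strict_types=1);

// Hypothetical class, not part of TYPO3: counts failures per account in a
// sliding window instead of sleeping inside the request that failed.
final class FailedLoginThrottle
{
    /** @var array<string, list<int>> failure timestamps per account */
    private array $failures = [];

    public function __construct(
        private int $maxFailures,
        private int $windowSeconds
    ) {}

    /** True if a password check may run for this account at time $now. */
    public function isAllowed(string $account, int $now): bool
    {
        // Drop failures that have aged out of the window, then compare.
        $cutoff = $now - $this->windowSeconds;
        $this->failures[$account] = array_values(array_filter(
            $this->failures[$account] ?? [],
            static fn (int $t): bool => $t > $cutoff
        ));
        return count($this->failures[$account]) < $this->maxFailures;
    }

    public function recordFailure(string $account, int $now): void
    {
        $this->failures[$account][] = $now;
    }
}

// Constructed scenario: 20 wrong passwords for one account arrive in the
// same second over 20 parallel connections. With sleep(5) every request
// only answers 5 s later, so all 20 passwords are still checked.
$throttle = new FailedLoginThrottle(5, 300);
$now = 1_000_000; // injected clock, so automated tests never really wait
$checked = 0;
for ($i = 0; $i < 20; $i++) {
    if ($throttle->isAllowed('admin', $now)) {
        $checked++; // the password would be compared here, and it is wrong
        $throttle->recordFailure('admin', $now);
    }
}
echo "password checks performed: $checked of 20\n";
echo 'allowed again after the window: ',
    var_export($throttle->isAllowed('admin', $now + 301), true), "\n";
```

Counting per account alone lets anyone who knows a username lock that user out for the window, so keying the counter on account plus source address is a common variant.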