为什么HTTP与htaccess的认证很慢时密码不正确? [英] Why http authentication with htaccess get slow when password incorrect?
问题描述
我不知道为什么,但是当我输入了错误的密码,它总是需要很多时间回来与认证对话框。
I don't know why but when i type a wrong password it always take alot of time to come back with authentication dialog.
但是当我输入正确的密码,它总是走的很快。
but when i type a correct password it always go fast.
htaccess的:
htaccess:
AuthUserFile c:/senha1
AuthName "Bem vindo"
AuthType Basic
require valid-user
我创造了这个senha1文件的htpasswd。
I created this 'senha1' file with htpasswd.
感谢。
推荐答案
这是一个简单的措施来减缓暴力攻击。
That's a simple measure to slow down brute force attacks.
正确地验证请求,将立即处理,同时不正确验证尝试通过第二个左右的延迟 - 这不打扰普通用户,只是做了一个错字,但它肯定不会拖慢要迅速尝试成千上万的攻击密码。
Correctly authenticated requests are handled instantly, while incorrect authentication attempts are delayed by a second or so -- this doesn't bother a regular user that just made a typo, but it sure does slow down attackers that want to rapidly try thousands of passwords.
这篇关于为什么HTTP与htaccess的认证很慢时密码不正确?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!