为什么HTTP与htaccess的认证很慢时密码不正确？ [英] Why http authentication with htaccess get slow when password incorrect?

问题描述

我不知道为什么，但是当我输入了错误的密码，它总是需要很多时间回来与认证对话框。

I don't know why but when i type a wrong password it always take alot of time to come back with authentication dialog.

但是当我输入正确的密码，它总是走的很快。

but when i type a correct password it always go fast.

htaccess的：

htaccess:

AuthUserFile c:/senha1
AuthName "Bem vindo"
AuthType Basic
require valid-user

我创造了这个senha1文件的htpasswd。

I created this 'senha1' file with htpasswd.

感谢。

推荐答案

这是一个简单的措施来减缓暴力攻击。

That's a simple measure to slow down brute force attacks.

正确地验证请求，将立即处理，同时不正确验证尝试通过第二个左右的延迟 - 这不打扰普通用户，只是做了一个错字，但它肯定不会拖慢要迅速尝试成千上万的攻击密码。

Correctly authenticated requests are handled instantly, while incorrect authentication attempts are delayed by a second or so -- this doesn't bother a regular user that just made a typo, but it sure does slow down attackers that want to rapidly try thousands of passwords.

这篇关于为什么HTTP与htaccess的认证很慢时密码不正确？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！