How do you prevent brute force attacks on RESTful data services
Posted by Adrian Grigore on Stack Overflow
Published on 2010-06-03T12:08:32Z
Indexed on 2010/06/03 12:14 UTC
Hi,
I'm about to implement a RESTful API to our website (based on WCF data services, but that probably does not matter).
All data offered via this API belongs to certain users of my server, so I need to make sure only those users have access to my resources. For this reason, all requests have to be performed with a login/password combination as part of the request.
What's the recommended approach for preventing brute force attacks in this scenario?
I was thinking of logging failed requests denied due to wrong credentials and ignoring requests originating from the same IP after a certain threshold of failed requests has been exceeded. Is this the standard approach, or am I missing something important?
Thanks,
Adrian
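
The approach described in the question (log requests denied for wrong credentials, then ignore the source IP once a threshold is exceeded), sketched as an added example that is not part of the original post. The class name, the thresholds, the in-memory storage and the sample address 192.0.2.10 are assumptions made for illustration.

```python
import time
from collections import defaultdict, deque


class FailedLoginThrottle:
    """Per-IP sliding window of failed logins with a temporary block."""
    def __init__(self, max_failures=5, window_seconds=300, block_seconds=900,
                 clock=time.monotonic):
        self.max_failures = max_failures
        self.window_seconds = window_seconds
        self.block_seconds = block_seconds
        self.clock = clock                    # injectable so tests control time
        self._failures = defaultdict(deque)   # ip -> failure timestamps
        self._blocked_until = {}              # ip -> time the block expires

    def is_blocked(self, ip):
        """Check before validating credentials; True means ignore the request."""
        until = self._blocked_until.get(ip)
        if until is not None and self.clock() >= until:
            del self._blocked_until[ip]       # block has expired
            until = None
        return until is not None

    def record_failure(self, ip):
        """Call when a request was denied because of wrong credentials."""
        now = self.clock()
        stamps = self._failures[ip]
        stamps.append(now)
        while stamps and stamps[0] <= now - self.window_seconds:
            stamps.popleft()                  # fell out of the sliding window
        if len(stamps) >= self.max_failures:
            self._blocked_until[ip] = now + self.block_seconds
            del self._failures[ip]            # count afresh after the block

    def handle(self, ip, credentials_ok):
        """Decision for one request: 'ignored', 'ok' or 'denied'."""
        if self.is_blocked(ip):
            return "ignored"                  # credentials are not even checked
        if credentials_ok:
            return "ok"
        self.record_failure(ip)
        return "denied"


if __name__ == "__main__":
    now = [0]                                 # constructed clock and events
    throttle = FailedLoginThrottle(3, 60, 120, clock=lambda: now[0])
    for when, ok in [(0, False), (10, False), (20, False), (30, True)]:
        now[0] = when
        print(when, throttle.handle("192.0.2.10", ok))
```

While an IP is blocked, even a request with the correct password is ignored, so a guess that happens to be right during the block reveals nothing. The state here lives in one process; a service running on several servers would need a shared store for the counters.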