How do you prevent brute force attacks on RESTful data services

Posted by Adrian Grigore on Stack Overflow See other posts from Stack Overflow or by Adrian Grigore
Published on 2010-06-03T12:08:32Z Indexed on 2010/06/03 12:14 UTC
Read the original article Hit count: 440

Hi,

I'm about to implement an RESTful API to our website (based on WCF data services, but that probably does not matter).

All data offered via this API belongs to certain users of my server, so I need to make sure only those users have access to my resources. For this reason, all requests have to be performed with a login/password combination as part of the request.

What's the recommended approach for preventing brute force attacks in this scenario?

I was thinking of logging failed requests denied due to wrong credentials and ignoring requests originating from the same IP after a certain threshold of failed requests has been exceeded. Is this the standard approach, or am I a missing something important?

Thanks,

Adrian

© Stack Overflow or respective owner

Related posts about api

Related posts about authentication