Full Disclosure mailing list archives
Re: Secure OWA
From: "Mark Senior" <senatorfrog () gmail com>
Date: Wed, 30 Aug 2006 12:40:41 -0600
On 8/30/06, Renshaw, Rick (C.) wrote:
> There are two sides to this risk. If you allow OWA logins to lock out accounts, and your OWA page is available from anywhere on the Internet, you are handing an easy DoS tool to anyone that knows the account names for people on your server.
I think a possibly better approach, although it doesn't seem like you could implement it quite as simply as account lockouts, would be to lock out, not the account, but the originating IP address, for a duration.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
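The two lockout policies discussed in this message, as an added example that is not part of the original post: a small simulation in which the lockout key is either the account name or the source IP address. The class name, thresholds and addresses are constructed for illustration and are not OWA or Exchange settings.

```python
from collections import defaultdict


class LockoutPolicy:
    """Blocks a key for `duration` seconds once `threshold` failed logins
    for that key fall inside a `window`-second span (hypothetical helper)."""

    def __init__(self, key, threshold=5, window=300, duration=900):
        self.key = key                      # "account" or "ip": what gets locked
        self.threshold = threshold
        self.window = window
        self.duration = duration
        self.failures = defaultdict(list)   # key value -> failure timestamps
        self.locked_until = {}              # key value -> unlock time

    def attempt(self, now, account, ip, password_ok):
        k = account if self.key == "account" else ip
        if self.locked_until.get(k, 0) > now:
            return "locked"                 # rejected before the password is checked
        if password_ok:
            return "ok"                     # counters simply age out of the window
        recent = [t for t in self.failures[k] if now - t < self.window] + [now]
        self.failures[k] = recent
        if len(recent) >= self.threshold:
            self.locked_until[k] = now + self.duration
            self.failures.pop(k, None)
        return "denied"


def simulate(key):
    """Constructed scenario: one source sends ten wrong passwords for 'alice',
    then alice logs in correctly from her own address."""
    policy = LockoutPolicy(key)
    for t in range(10):
        policy.attempt(t, "alice", "203.0.113.50", password_ok=False)
    alice = policy.attempt(20, "alice", "198.51.100.7", password_ok=True)
    guesser = policy.attempt(21, "alice", "203.0.113.50", password_ok=False)
    after_expiry = policy.attempt(21 + 900, "alice", "203.0.113.50", password_ok=False)
    return alice, guesser, after_expiry


if __name__ == "__main__":
    print("lock the account:", simulate("account"))
    print("lock the source :", simulate("ip"))
```

Keying on the source address only works if the server sees the real client address rather than that of a proxy in front of it, and users behind one shared NAT or proxy share a single counter.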