8 Jul
2003
8 Jul
'03
4:51 p.m.
On Tue, 2003-07-08 at 11:00, Nigel Metheringham wrote:
One thing that could be considered to protect ourselves against such attacks if there was a way of reducing the complexity to reasonable levels, would be to drop pending subscription requests after a couple (think of an appropriate number) of failed cookie cracking attempts.
That's a good idea...
That of course transforms this into a denial of service attack :-(
Which are always much harder to prevent. :/
-Barry