GUI Login Brute-Force Attack Prevention

In order to significantly reduce the effectiveness of brute-force password guessing attacks, AppLogic prohibits users from repeatedly testing whether a name/pasword combination is correct by preventing the user from logging into the GUI after incorrectly entering a password 5 times. When a user incorrectly enters a user name or password 5 times, the user is locked out for 5 minutes and on subsequent 5 unsuccessful attempts, the user is locked out for 1 hour.

When a user is locked out, he is prevented from logging into the GUI even if a valid user name and password is provided until the timeout period has expired. In this situation, a grid maintainer or another grid user that has access to the grid may unlock the user account using the 'user unlock' command. You can also see how much time a locked out user has remaining for their next login attempt by using the 'user info' command.

-- BeckyH - 05 Dec 2008