[vmchecker-dev] bug: gui freezes buttons durring login
Lucian Adrian Grijincu
lucian.grijincu at gmail.com
Tue Mar 30 05:58:47 EEST 2010
Hi,
My network connection dropped, before I pushed "Login".
The GUI made a request to the services, but could not complete it.
After a bit the network connection was re-established, but I could not
do anything with the GUI: the username/password and login buttons were
all disabled.
As I see it this servers two purposes:
* let the user know you're processing the request
* prevent him from submitting too may requests
The second one doesn't accomplish anything, as the user can always
request login through the web service.
The only function seems to be user-feedback.
To prevent scenarios as I described above, a solution would be to
unblock the controls after two seconds from blocking them.
BWT: one could run automated login requests and guess user passwords
(brute-force).
I added a sleep(1 sec) to the login service implementation to make
this more time consuming for an attacker.
If you have any other suggestions, I'm listening.
--
.
..: Lucian
More information about the vmchecker-dev
mailing list