Brute force protection

@memes

  • soloner@lemmy.world
    link
    fedilink
    arrow-up
    22
    arrow-down
    6
    ·
    edit-2
    8 months ago

    The logic is bugging me, though. It should be if isFirstAttempt || !isPasswordCorrect

    I understand the meme is trying to convey in spite of being correct to still return an error, but then it doesn’t account for when the password is actually incorrect.

    • QuaternionsRock@lemmy.world
      link
      fedilink
      arrow-up
      48
      ·
      edit-2
      8 months ago

      That defeats the brute-force attack protection…

      The idea is that brute-force attackers will only check each password once, while real users will likely assume they mistyped and retype the same password.

      The code isn’t complete, and has nothing to do with actually incorrect passwords.

    • reflectedodds@lemmy.world
      link
      fedilink
      arrow-up
      17
      ·
      8 months ago

      Like the other person said, it’s not meant to always fail the first time you enter any password.

      It is meant to fail the first time you enter the correct password.

      • winterayars@sh.itjust.works
        link
        fedilink
        arrow-up
        2
        arrow-down
        1
        ·
        8 months ago

        So it should be: if password == correct and first_success == true then { login failure; first_success = false }

        Something like that.