Jonathan

Reputation: 21

Does GAE/Java offer any brute force protection if you don't use Google Accounts for authentication?

I'm making a Java web app on Google App Engine.

Do I need to roll my own brute force protection for my login system - since I'm not using Google Accounts for the user accounts in my system?

Or are there built-in features that make it easier or don't require me to do everything from scratch?

Upvotes: 2

Views: 279

Answers (1)

Nick Johnson

Reputation: 101139

If you're doing authentication yourself, there's no way for App Engine to know what you're providing is a sign-in form, as opposed to anything else, so there's no way for it to protect against brute-forcing attempts. As a result, you'll have to implement it yourself.

As an alternative to Google accounts, though, you should consider the built-in OpenID support. Give serious thought to using one or the other - your users are likely to be ill-served if you insist they create yet another account from scratch just for your site.

Upvotes: 2
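
One way to implement the throttling the answer says you have to build yourself, as an added example (not code from the answer or from App Engine). The class name `LoginThrottle`, the thresholds and the `username|IP` key are assumptions; the map here is per instance, so on App Engine the same state would have to live in a shared store such as memcache or the datastore.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Added example: per-key failed-login throttle with exponential lockout. */
public class LoginThrottle {
    private static final int FREE_ATTEMPTS = 5;          // failures allowed before any lockout
    private static final long BASE_LOCK_MS = 30_000L;    // first lockout lasts 30 s
    private static final long MAX_LOCK_MS = 3_600_000L;  // lockouts are capped at 1 h

    private static final class State {
        final int failures;
        final long lockedUntil;
        State(int failures, long lockedUntil) { this.failures = failures; this.lockedUntil = lockedUntil; }
    }

    // Assumption: in-memory state keeps the example self-contained; instances share no memory.
    private final Map<String, State> states = new ConcurrentHashMap<>();

    /** True while the key is locked out; call this before verifying the password. */
    public boolean isBlocked(String key, long now) {
        State s = states.get(key);
        return s != null && now < s.lockedUntil;
    }

    /** Records a failed attempt and returns the lock expiry (0 if the key is not locked). */
    public long recordFailure(String key, long now) {
        return states.merge(key, new State(1, 0L), (old, unused) -> {
            int n = old.failures + 1;
            if (n <= FREE_ATTEMPTS) return new State(n, 0L);
            int shift = Math.min(n - FREE_ATTEMPTS - 1, 20);  // doubling per failure, bounded
            return new State(n, now + Math.min(BASE_LOCK_MS << shift, MAX_LOCK_MS));
        }).lockedUntil;
    }

    /** Clears the counter after a correct login. */
    public void recordSuccess(String key) { states.remove(key); }

    public static void main(String[] args) {
        LoginThrottle t = new LoginThrottle();
        String key = "alice|203.0.113.7";  // constructed sample key: username|client IP
        long now = 0L;
        for (int i = 1; i <= 9; i++, now += 20_000L) {  // one wrong password every 20 s
            if (t.isBlocked(key, now)) {
                System.out.println(i + ": rejected without checking the password");
            } else {
                System.out.println(i + ": wrong password, locked until t=" + t.recordFailure(key, now));
            }
        }
    }
}
```

Call `isBlocked` before verifying the password and `recordSuccess` after a correct login. Keying on the username alone would let anyone lock a legitimate user out, which is why the sample key includes the client address.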
