Is there a way to restrict incorrect login attempts and add some sort of timeout to stop basic auth being brute forced, using IIS?
4
Set account lockout policy. – Chris S Jul 11 '11 at 02:08
1 Answer
3
IIS6 basic authentication by default uses the local login policy, so whatever your security policy is set to on your server should apply.
Please note that basic authentication uses Base64 encoding, which is not encryption; credentials are sent in plain text. If you house sensitive data on your server, you should at least use SSL/TLS.

Daniel B.
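One way to check that the lockout policy mentioned above is actually being hit by failed basic-auth logons, as an added example that is not part of the original question or answer: it reads an IIS W3C log and reports client IPs with bursts of 401.1 responses and those that reached a locked-out account. It assumes the site logs the fields shown in the `#Fields` line; the log lines, addresses and user names are constructed sample data.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in IIS W3C extended log format (not real traffic).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-username c-ip sc-status sc-substatus sc-win32-status
2011-07-11 02:00:01 GET /admin/ admin 203.0.113.7 401 1 1326
2011-07-11 02:00:03 GET /admin/ admin 203.0.113.7 401 1 1326
2011-07-11 02:00:05 GET /admin/ admin 203.0.113.7 401 1 1326
2011-07-11 02:00:07 GET /admin/ admin 203.0.113.7 401 1 1326
2011-07-11 02:00:09 GET /admin/ admin 203.0.113.7 401 1 1326
2011-07-11 02:00:11 GET /admin/ admin 203.0.113.7 401 1 1909
2011-07-11 02:05:00 GET /admin/ - 198.51.100.20 401 2 5
2011-07-11 02:05:04 GET /admin/ alice 198.51.100.20 401 1 1326
2011-07-11 02:05:09 GET /admin/ alice 198.51.100.20 200 0 0
"""

LOGON_FAILURE = "1326"   # ERROR_LOGON_FAILURE: unknown user name or bad password
ACCOUNT_LOCKED = "1909"  # ERROR_ACCOUNT_LOCKED_OUT: the lockout policy has triggered

def parse(log_text):
    """Yield one dict per request, keyed by the names in the #Fields directive."""
    fields = []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            row = dict(zip(fields, line.split()))
            row["ts"] = datetime.strptime(row["date"] + " " + row["time"], "%Y-%m-%d %H:%M:%S")
            yield row

def analyse(log_text, threshold=5, window=timedelta(minutes=1)):
    """Return (IPs with >= threshold bad-password 401.1s inside window, IPs that hit a locked account)."""
    failures, locked, noisy = defaultdict(list), set(), set()
    for row in parse(log_text):
        # 401.1 is a rejected logon; 401.2 is only the initial anonymous challenge.
        if row["sc-status"] != "401" or row["sc-substatus"] != "1":
            continue
        if row["sc-win32-status"] == ACCOUNT_LOCKED:
            locked.add(row["c-ip"])
        elif row["sc-win32-status"] == LOGON_FAILURE:
            failures[row["c-ip"]].append(row["ts"])
    for ip, times in failures.items():
        times.sort()
        # Sliding window: any run of `threshold` failures that fits inside `window`.
        if any(times[i + threshold - 1] - times[i] <= window
               for i in range(len(times) - threshold + 1)):
            noisy.add(ip)
    return noisy, locked
```

If bursts of 1326 failures appear without any 1909 entries following them, the account lockout threshold is either unset or higher than the number of attempts being made.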