On 09/05/2018 05:14 PM, Craig James wrote:
[snip]
> To elaborate, you should explain to the auditor that this introduces a
> huge denial-of-service vulnerability into your system. Anyone can start
> hammering on everyone else's accounts, and with a fairly trivial script,
> lock the entire company out of all accounts. This is a terrible idea.
And be tracked down (relatively) quickly.
--
Angular momentum makes the world go 'round.