Does anyone know how Canvas handles brute-forcing?

Jump to solution
Instructure Alumni
Instructure Alumni

I'm in a bit of a security mindset atm (see my latest idea post ​) and I realized I actually have no idea how Canvas handles brute-forcing. Does anyone know this by chance? Is there a scaling delay on consecutive login attempts or an eventual lock-out point?

Labels (1)
1 Solution

Hi Adam,

Please discuss this with your CSM.  They can put you in touch with the right people to discuss this further.  For most of the time that I have worked for Instructure I have been located within close proximity to our support folks and I hear them discussing this issues with customers and people evaluating Canvas all the time.  What I would strongly advise you or anyone else reading this to please not do is subject production Canvas to brute force or denial attacks just to test the system.  If you are interesting in doing that kind of testing we have ways to help you learn more without you trying to take the system down.

View solution in original post