hai Steve and all,
can any body suggest me that how could i lock a user from login after three consecutive unsuccessful attempts .
thanks in advance
login attempts
5 posts
• Page 1 of 1
login attemptshai Steve and all,
can any body suggest me that how could i lock a user from login after three consecutive unsuccessful attempts . thanks in advance
Re: login attemptsXataface already does this but it is more than 3 attempts. It is done by up address.
Re: login attemptsSteve,
by address means ip address . by the way thanks.
Re: login attemptsSteve i tried in one of my application by giving three wrong passwords but fourth time i am able to log in
how does the lock out occurs.?
Re: login attemptsIt is set to 20 attempts within a 30 minute window. If you have 20 failed attempts (without a successful attempt) within 30 minutes from the same IP address, that IP address will be locked for 30 minutes.
When the feature was first implemented it was set to 5, but this caused problems for applications where all the users are connecting from the same IP address. This was much more common than I thought. In this scenario, you could have 5 people type in wrong passwords and that would lock everyone out for 30 minutes. Increasing the limit to 20 still stops bots from incessantly hitting the application with different passwords, while not causing problems for regular users. The code is found in the isLockedOut() method of the Dataface_AuthenticationTool class if you want to see the logic. -Steve
5 posts
• Page 1 of 1
Who is onlineUsers browsing this forum: No registered users and 1 guest |