login attempts

A place for users and developers of the Xataface to discuss and receive support.

login attempts

Postby samhans » Sun Mar 25, 2012 10:22 am

hai Steve and all,

can any body suggest me that how could i lock a user from login after three consecutive unsuccessful attempts .

thanks in advance
samhans
 
Posts: 96
Joined: Fri Feb 10, 2012 1:22 am

Re: login attempts

Postby shannah » Sun Mar 25, 2012 4:04 pm

Xataface already does this but it is more than 3 attempts. It is done by up address.
shannah
 
Posts: 4457
Joined: Wed Dec 31, 1969 5:00 pm

Re: login attempts

Postby samhans » Sun Mar 25, 2012 6:31 pm

Steve,
by address means ip address . by the way thanks.
samhans
 
Posts: 96
Joined: Fri Feb 10, 2012 1:22 am

Re: login attempts

Postby samhans » Mon Mar 26, 2012 9:13 am

Steve i tried in one of my application by giving three wrong passwords but fourth time i am able to log in

how does the lock out occurs.?
samhans
 
Posts: 96
Joined: Fri Feb 10, 2012 1:22 am

Re: login attempts

Postby shannah » Mon Mar 26, 2012 9:22 am

It is set to 20 attempts within a 30 minute window. If you have 20 failed attempts (without a successful attempt) within 30 minutes from the same IP address, that IP address will be locked for 30 minutes.

When the feature was first implemented it was set to 5, but this caused problems for applications where all the users are connecting from the same IP address. This was much more common than I thought. In this scenario, you could have 5 people type in wrong passwords and that would lock everyone out for 30 minutes. Increasing the limit to 20 still stops bots from incessantly hitting the application with different passwords, while not causing problems for regular users.

The code is found in the isLockedOut() method of the Dataface_AuthenticationTool class if you want to see the logic.
-Steve
shannah
 
Posts: 4457
Joined: Wed Dec 31, 1969 5:00 pm


Return to Xataface Users

Who is online

Users browsing this forum: No registered users and 3 guests

cron
Powered by Dataface
© 2005-2007 Steve Hannah All rights reserved