@mark true, but they would have to know the username - which would not be the same as 'nickname'
If the account with three failed logins required a capatcha in addition to usr/pwd?
- S
On 21 Aug 2011 17:42, "euromark" <dereuromark@googlemail.com> wrote:
> @sam
> not a good idea
>
> users could then block accounts of other users
> a simple "deadlock" for a few minutes is more than enough to keep out
> bot attacks or bruteforce
> important is that this is done via DB (not session or anything)
>
>
> On 21 Aug., 17:46, Sam Sherlock <sam.sherl...@gmail.com> wrote:
>> All of 30 earth minutes?
>>
>> Google 'cakephp login attempts' you'll find some bakery code and a
>> stackexchange post amongst others.
>>
>> I would set the account inactive and require the account to be reset via
>> users email.
>>
>> - S
>> On 21 Aug 2011 16:24, "nOLL" <hasnolm...@gmail.com> wrote:> Hi,
>>
>> > Is there any way to create login function more security such as when
>> > the users failed to login 3 times, they only be login after 30
>> > minutes.
>>
>> > Thanks.
>>
>> > --
>> > Our newest site for the community: CakePHP Video Tutorials
>>
>> http://tv.cakephp.org> Check out the new CakePHP Questions sitehttp://ask.cakephp.organd help
>>
>> others with their CakePHP related questions.
>>
>> > To unsubscribe from this group, send email to
>> > cake-php+unsubscribe@googlegroups.com For more options, visit this group
>>
>> athttp://groups.google.com/group/cake-php
>
> --
> Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org
> Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions.
>
>
> To unsubscribe from this group, send email to
> cake-php+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php
-- > @sam
> not a good idea
>
> users could then block accounts of other users
> a simple "deadlock" for a few minutes is more than enough to keep out
> bot attacks or bruteforce
> important is that this is done via DB (not session or anything)
>
>
> On 21 Aug., 17:46, Sam Sherlock <sam.sherl...@gmail.com> wrote:
>> All of 30 earth minutes?
>>
>> Google 'cakephp login attempts' you'll find some bakery code and a
>> stackexchange post amongst others.
>>
>> I would set the account inactive and require the account to be reset via
>> users email.
>>
>> - S
>> On 21 Aug 2011 16:24, "nOLL" <hasnolm...@gmail.com> wrote:> Hi,
>>
>> > Is there any way to create login function more security such as when
>> > the users failed to login 3 times, they only be login after 30
>> > minutes.
>>
>> > Thanks.
>>
>> > --
>> > Our newest site for the community: CakePHP Video Tutorials
>>
>> http://tv.cakephp.org> Check out the new CakePHP Questions sitehttp://ask.cakephp.organd help
>>
>> others with their CakePHP related questions.
>>
>> > To unsubscribe from this group, send email to
>> > cake-php+unsubscribe@googlegroups.com For more options, visit this group
>>
>> athttp://groups.google.com/group/cake-php
>
> --
> Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org
> Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions.
>
>
> To unsubscribe from this group, send email to
> cake-php+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php
Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org
Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions.
To unsubscribe from this group, send email to
cake-php+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php
No comments:
Post a Comment