Thanks for the feedback.  I will add some database functionality to it
as well.

One problem I am coming across is that many of my users are all in the
same office with identical IP addresses.  So if one user makes 5
unsuccessful attempts, I run the risk of locking out everyone else in
the office.

I'm thinking that I can have a session based lockout set at 5, but
then make a database lockout with a much higher limit to compensate
for the fact that many users could all enter wrong passwords within a
week's time.  Even if the limit is as high as 100, I still think that
is very likely to combat brute force methods, which usually require
10s of thousands of entries to have any hopes of success.

On May 22, 12:58 pm, davidpersson <[EMAIL PROTECTED]> wrote:
> There's a brute force protection behavior available over at the
> bakery: http://bakery.cakephp.org/articles/view/brute-force-protection
>
> It may need some changes to make it work with 1.2 but I think it's
> simple and does its job.
>
> On May 22, 9:13 pm, aranworld <[EMAIL PROTECTED]> wrote:
>
> > I am trying to figure out the most reliable way of restricting login
> > attempts while using the Auth Component.
>
> > Here is my best stab at the problem thus far:
>
> > http://cakeforge.org/snippet/detail.php?type=snippet&id=220
>
> > I'd love to hear what other people have done, or what they think of
> > the method I am using in the code snippet I've linked to.
>
> > -Aran
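
The two-tier lockout proposed in the reply above (5 per session, 100 per IP within a week), as an added example that is not part of the original thread and is not the linked snippet or the bakery behavior. It is plain PHP with no CakePHP API; the class name, method names, in-memory arrays (standing in for the session store and the database table), session ids and IP address are all assumptions made for illustration.

```php
<?php
// Added example, plain PHP. The two arrays are stand-ins for the
// session store and the database table (assumption).
class TwoTierLoginThrottle
{
    const SESSION_LIMIT = 5;      // per-session limit from the post
    const IP_LIMIT      = 100;    // shared-IP limit from the post
    const IP_WINDOW     = 604800; // one week in seconds
    private $sessionFails = array(); // session id => failure count
    private $ipFails      = array(); // IP => timestamps of failures

    // Count failures from $ip inside the window, discarding older ones.
    private function recentIpFails($ip, $now)
    {
        $list = isset($this->ipFails[$ip]) ? $this->ipFails[$ip] : array();
        $cutoff = $now - self::IP_WINDOW;
        $this->ipFails[$ip] = array_values(array_filter(
            $list, function ($ts) use ($cutoff) { return $ts > $cutoff; }
        ));
        return count($this->ipFails[$ip]);
    }

    // Returns 'ip', 'session', or false when the attempt may proceed.
    public function lockedBy($sessionId, $ip, $now)
    {
        if ($this->recentIpFails($ip, $now) >= self::IP_LIMIT) {
            return 'ip';
        }
        $n = isset($this->sessionFails[$sessionId]) ? $this->sessionFails[$sessionId] : 0;
        return $n >= self::SESSION_LIMIT ? 'session' : false;
    }

    public function recordFailure($sessionId, $ip, $now)
    {
        $n = isset($this->sessionFails[$sessionId]) ? $this->sessionFails[$sessionId] : 0;
        $this->sessionFails[$sessionId] = $n + 1;
        $this->ipFails[$ip][] = $now;
    }
}

// Constructed scenario: one office behind one shared IP (documentation range).
$t = new TwoTierLoginThrottle();
$ip = '203.0.113.7';
for ($i = 0; $i < 5; $i++) { $t->recordFailure('sess-alice', $ip, 1000 + $i); }
var_dump($t->lockedBy('sess-alice', $ip, 2000)); // alice after 5 failures
var_dump($t->lockedBy('sess-bob', $ip, 2000));   // bob: same IP, own session
// 95 more failures, each from a fresh session id, reach the IP tier only.
for ($i = 0; $i < 95; $i++) { $t->recordFailure("fresh-$i", $ip, 3000 + $i); }
var_dump($t->lockedBy('sess-bob', $ip, 4000));          // 100 failures on the IP
var_dump($t->lockedBy('sess-bob', $ip, 4000 + 604800)); // window has passed
```

Because a session id is supplied by the client, the per-session counter only slows a well-behaved browser; the per-IP counter is the tier that still applies when the cookie is discarded between attempts.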