Re: Restricting Login Attempts with Auth Component

2008-05-28 Thread aranworld
The scenario leveille brings up is the one I'm in. This is more of an extranet than an intranet. The server is off-site, and is being accessed by many people who all share the same IP. My solution was this: 1: upon entry to user login form, check if user's IP is associated with a threshold

Re: Restricting Login Attempts with Auth Component

2008-05-23 Thread leveille
Bear in mind that the browser fingerprint would only be reliable if the server to which the clients are making the request is in the same network (behind the same firewall). In that case the IP address would be a DHCPd 1.9.168.*.* variation. If the server to which the requests are going to is

Restricting Login Attempts with Auth Component

2008-05-22 Thread aranworld
I am trying to figure out the most reliable way of restricting login attempts while using the Auth Component. Here is my best stab at the problem thus far: http://cakeforge.org/snippet/detail.php?type=snippetid=220 I'd love to hear what other people have done, or what they think of the method

Re: Restricting Login Attempts with Auth Component

2008-05-22 Thread Mathew Nik Foscarini
Login Attempts with Auth Component I am trying to figure out the most reliable way of restricting login attempts while using the Auth Component. Here is my best stab at the problem thus far: http://cakeforge.org/snippet/detail.php?type=snippetid=220 I'd love to hear what other people have done

Re: Restricting Login Attempts with Auth Component

2008-05-22 Thread davidpersson
There's a brute force protection behavior available over at the bakery: http://bakery.cakephp.org/articles/view/brute-force-protection It may need some changes to make it work with 1.2 but I think it's simple and does its job. On May 22, 9:13 pm, aranworld [EMAIL PROTECTED] wrote: I am trying

Re: Restricting Login Attempts with Auth Component

2008-05-22 Thread aranworld
Thanks for the feedback. I will add some database functionality to it as well. One problem I am coming across is that many of my users are all in the same office with identical IP addresses. So if one user makes 5 unsuccessful attempts, I run the risk of locking out everyone else in the

Re: Restricting Login Attempts with Auth Component

2008-05-22 Thread BrendonKoz
If you're worried about using just the IP, why not store a browser fingerprint in the database and use that as the mechanism for identifying an identical user? A simple browser fingerprint would be the IP and UserAgent string concatenated together, and then hashed (MD5 for instance). Although