Login attempts

robofreak111	#1 12.08.2009 02:03
Members	you should not be able to loging for 15 minutes after you type the wrong password/username X times. this would cut down on people guessing passwords. I got the idea from other CMS's.

Kilandor	#2 12.08.2009 07:03
Administrators Thanked: 9 раз	Not all systems have that sort of thing, and anyone who is really going to be trying to brute force passwords, is going to be using multiple proxies anyways. Heck even google doesn't do that, they jsut throw up a near impossible to read captcha It would make for a good plugin though, and maybe core in future

AerialAngel	#3 13.08.2009 07:17
Members	I agree for a plug in similar to this.

Mynt	#4 18.08.2009 07:45
Donator Thanked: 1 раз	# robofreak111 : you should not be able to loging for 15 minutes after you type the wrong password/username X times. this would cut down on people guessing passwords. I got the idea from other CMS's. The only problem I see with this is your login attempts are not stored server side. Everything is tracked via a timestamp. Firebug, allows people to change the server time render for scripts. If I lock myself out of VBulletin, thats how I get another 5 login attempts. But at the same time, it is a good deterent. "I only sleep when I know I won't miss a thing."

Mynt

#4 18.08.2009 07:45

Donator
Thanked: 1 раз

# robofreak111 : you should not be able to loging for 15 minutes after you type the wrong password/username X times. this would cut down on people guessing passwords.

I got the idea from other CMS's.

The only problem I see with this is your login attempts are not stored server side. Everything is tracked via a timestamp. Firebug, allows people to change the server time render for scripts. If I lock myself out of VBulletin, thats how I get another 5 login attempts. But at the same time, it is a good deterent.

"I only sleep when I know I won't miss a thing."