Module: Authlogic::Session::BruteForceProtection::Config
- Defined in:
- lib/authlogic/session/brute_force_protection.rb
Overview
Configuration for the brute force protection feature.
Instance Method Summary collapse
-
#consecutive_failed_logins_limit(value = nil) ⇒ Object
(also: #consecutive_failed_logins_limit=)
To help protect from brute force attacks you can set a limit on the allowed number of consecutive failed logins.
-
#failed_login_ban_for(value = nil) ⇒ Object
(also: #failed_login_ban_for=)
Once the failed logins limit has been exceed, how long do you want to ban the user? This can be a temporary or permanent ban.
Instance Method Details
#consecutive_failed_logins_limit(value = nil) ⇒ Object Also known as: consecutive_failed_logins_limit=
To help protect from brute force attacks you can set a limit on the allowed number of consecutive failed logins. By default this is 50, this is a very liberal number, and if someone fails to login after 50 tries it should be pretty obvious that it’s a machine trying to login in and very likely a brute force attack.
In order to enable this field your model MUST have a failed_login_count (integer) field.
If you don’t know what a brute force attack is, it’s when a machine tries to login into a system using every combination of character possible. Thus resulting in possibly millions of attempts to log into an account.
-
Default:
50 -
Accepts:
Integer, set to 0 to disable
39 40 41 |
# File 'lib/authlogic/session/brute_force_protection.rb', line 39 def consecutive_failed_logins_limit(value = nil) rw_config(:consecutive_failed_logins_limit, value, 50) end |
#failed_login_ban_for(value = nil) ⇒ Object Also known as: failed_login_ban_for=
Once the failed logins limit has been exceed, how long do you want to ban the user? This can be a temporary or permanent ban.
-
Default:
2.hours -
Accepts:
Fixnum, set to 0 for permanent ban
48 49 50 |
# File 'lib/authlogic/session/brute_force_protection.rb', line 48 def failed_login_ban_for(value = nil) rw_config(:failed_login_ban_for, (!value.nil? && value) || value, 2.hours.to_i) end |