I want to build a Component / Plugin add-on to prevent brute force login attempts, but what is the best way?
Seems there are various ways, each with its own pros / cons.

- Prevent attempts by blocking the IP address the request is coming from after "x" amount of tries. (IP can be changed easily / proxied / spoofed, so not much of a deterrent there.)
- Lock account by username / email, but then any third party can enter [email protected] (if the email / username exists) and lock out the actual user. (Sure, the account holder will get an email to reset password or whatnot.)

Adding CAPTCHA to login just feels wrong. So not even interested in that.

Any ideas of what you think is the best route to go by?
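An added example, not part of the original post and not CakePHP code: plain PHP that counts failed logins under both keys the post weighs (per IP address and per username) and runs a constructed scenario through each check, so the trade-off of each option is visible. The `LoginThrottle` class, the limit of 5 failures and the 900-second window are assumptions made for illustration.

```php
<?php
// Added illustration; LoginThrottle and its limits are hypothetical, not CakePHP API.
final class LoginThrottle
{
    /** @var array<string, int[]> failure timestamps, keyed by "ip:..." or "user:..." */
    private array $failures = [];

    public function __construct(
        private int $maxFailures = 5,
        private int $windowSeconds = 900
    ) {}

    // Record one failed login under both keys the post discusses.
    public function recordFailure(string $ip, string $username, int $now): void
    {
        $this->failures["ip:$ip"][] = $now;
        $this->failures['user:' . strtolower($username)][] = $now;
    }

    // Count failures for a key that are still inside the sliding window,
    // discarding expired ones so a lock clears itself over time.
    private function recent(string $key, int $now): int
    {
        $cutoff = $now - $this->windowSeconds;
        $this->failures[$key] = array_values(array_filter(
            $this->failures[$key] ?? [],
            fn (int $t): bool => $t > $cutoff
        ));
        return count($this->failures[$key]);
    }

    public function ipBlocked(string $ip, int $now): bool
    {
        return $this->recent("ip:$ip", $now) >= $this->maxFailures;
    }

    public function accountLocked(string $username, int $now): bool
    {
        return $this->recent('user:' . strtolower($username), $now) >= $this->maxFailures;
    }
}

// Constructed scenario: five failures for "alice", each from a different
// documentation-range address (203.0.113.0/24), then checks at two later times.
$throttle = new LoginThrottle(5, 900);
$now = 1700000000; // fixed timestamp so the run is repeatable
for ($i = 1; $i <= 5; $i++) {
    $throttle->recordFailure("203.0.113.$i", 'alice', $now + $i);
}
var_dump($throttle->ipBlocked('203.0.113.1', $now + 10));  // per-IP view of the first address
var_dump($throttle->accountLocked('alice', $now + 10));    // per-account view inside the window
var_dump($throttle->accountLocked('alice', $now + 1000));  // per-account view after the window
```

In this run no single address reaches the limit while the account does, which is the lockout-by-third-party problem the post describes; the last check shows the lock expiring on its own once the window has passed.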
