Assuming that you're blocking their IP, because you think a hacking attempt is taking place.
Usually, hacking attempts are performed by robots, and it wouldn't be hard to have the robot retry every 5 minutes. I think storing the IP address in the session isn't useful. If they fail to log in after the number of tries, then this IP should be stored in a blacklist database. The IP address can have a TTL value that expires in, say, 30 days.

What's important is the IP address attacking the website. A robot could attack all the known users for a domain. Where the user name is shown, a robot can just process all the accounts looking for someone stupid enough to use a commonly known password.

This would be a strict approach.

----- Original Message ----
From: aranworld <[EMAIL PROTECTED]>
To: CakePHP <[email protected]>
Sent: Thursday, May 22, 2008 3:13:57 PM
Subject: Restricting Login Attempts with Auth Component

I am trying to figure out the most reliable way of restricting login attempts while using the Auth Component.

Here is my best stab at the problem thus far:

http://cakeforge.org/snippet/detail.php?type=snippet&id=220

I'd love to hear what other people have done, or what they think of the method I am using in the code snippet I've linked to.

-Aran
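The following is an added example, not part of the e-mail thread and not the linked snippet or CakePHP's own code: a plain PHP/PDO sketch of the IP-keyed blacklist with a 30-day TTL that the reply describes. The table names, `MAX_TRIES`, `FAIL_WINDOW` and the function names are assumptions made for illustration, and the sample IP, user names and timestamps are constructed.

```php
<?php
// Added example. Table names, MAX_TRIES and FAIL_WINDOW are assumptions;
// the 30-day ban TTL is the value suggested in the reply.
const MAX_TRIES   = 5;           // assumed threshold
const FAIL_WINDOW = 86400;       // assumed: long enough to catch a 5-minute retry loop
const BAN_TTL     = 30 * 86400;  // 30 days

function initStore(PDO $db): void {
    $db->exec('CREATE TABLE login_failures (ip TEXT NOT NULL, at INTEGER NOT NULL)');
    $db->exec('CREATE TABLE ip_blacklist (ip TEXT PRIMARY KEY, expires_at INTEGER NOT NULL)');
}

// Call before checking credentials. Expired bans are purged first.
function isBlocked(PDO $db, string $ip, int $now): bool {
    $db->prepare('DELETE FROM ip_blacklist WHERE expires_at <= ?')->execute([$now]);
    $q = $db->prepare('SELECT 1 FROM ip_blacklist WHERE ip = ?');
    $q->execute([$ip]);
    return $q->fetchColumn() !== false;
}

// Call after a failed credential check. Failures are keyed by IP only, so a
// client cycling through user names or discarding its session still counts.
function recordFailure(PDO $db, string $ip, int $now): bool {
    $db->prepare('INSERT INTO login_failures (ip, at) VALUES (?, ?)')->execute([$ip, $now]);
    $q = $db->prepare('SELECT COUNT(*) FROM login_failures WHERE ip = ? AND at > ?');
    $q->execute([$ip, $now - FAIL_WINDOW]);
    if ((int) $q->fetchColumn() < MAX_TRIES) {
        return false;
    }
    $db->prepare('REPLACE INTO ip_blacklist (ip, expires_at) VALUES (?, ?)')
       ->execute([$ip, $now + BAN_TTL]);
    $db->prepare('DELETE FROM login_failures WHERE ip = ?')->execute([$ip]);
    return true; // this failure triggered the ban
}

// Constructed scenario: one address fails once every 5 minutes, each time
// against a different account, then the ban is checked as time passes.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
initStore($db);
$ip = '203.0.113.7';   // documentation address (TEST-NET-3)
$t0 = 1211400000;      // constructed start time
foreach (['alice', 'bob', 'carol', 'dave', 'erin'] as $i => $user) {
    $banned = recordFailure($db, $ip, $t0 + $i * 300);
    printf("+%2d min  user=%-5s  banned=%s\n", $i * 5, $user, $banned ? 'yes' : 'no');
}
foreach ([1, 29, 31] as $days) {
    $blocked = isBlocked($db, $ip, $t0 + 1200 + $days * 86400);
    printf("day %2d  blocked=%s\n", $days, $blocked ? 'yes' : 'no');
}
```

Users behind a shared NAT or proxy address share one counter here, so the threshold and TTL need tuning against the lockouts that can cause.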
