On Tue, 2 May 2006, Michael Peters wrote:
Hmmm. How would that method indicate a violation? It's not obvious
to me how that would interact with 'violation_mode', for example.
Good point. Maybe a check_violation() companion to record_hit()?
my %limit_args = ( user => $user_id, action => failed_login );
$rate_limit->record_hit(%limit_args);
return $self->slow_down_buddy
if( $rate_limit->check_violation(%limit_args) );
Alright, that seems do-able. It's mostly a matter of giving the
internal methods a consistent interface and exposing them for similar
usage.
Not to make it too bloated but maybe also a revoke_all_hits() method.
This would let me do something like "Allow only 5 failed login attempts
in 10 minutes. If they successfully login, reset the counter". Not too
important though.
revoke_all_hits( user => $user, action => $action )
Hmmmmm, that might be pushing it for a v1.0 release, but I'll at least
put it on a to-do list.
-sam
---------------------------------------------------------------------
Web Archive: http://www.mail-archive.com/[email protected]/
http://marc.theaimsgroup.com/?l=cgiapp&r=1&w=2
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
