Ed,
Although valuable features, I am not sure that they belong in the Hobo core.
All of these features can be implemented using the hooks described in
the Hobo User Controller
<http://cookbook.hobocentral.net/manual/users_and_authentication#hobo-user-controller>
section of the manual.
Henry
On 18/02/16 10:15 PM, Ed Gomolka wrote:
I would like to add some security features to my Hobo app. In
descending priority order, I would like to add the following:
1. Account lockout feature to defend against brute force attacks. A
given number of consecutive failed login attempts over a given
time period would automatically lock the account for a few minutes
(e.g.: 10 consecutive failures within 5 minutes triggers a
15-minute lockout).
2. Login history table, for both security and informational purposes.
The table would be de-normalized, as it would track both
successfully authenticated sessions and lockouts. There would be
one row per login attempt. Login attempts on locked out accounts
would be ignored and would not trigger the creation of new history
rows. Possible columns for the table would be:
   1. login success boolean
   2. the user's ip address
   3. session start timestamp
   4. session end timestamp
   5. lockout boolean
   6. lockout duration
3. Optional two-factor authentication.
Has anyone done something like this? Are there plans to include any of
this in future Hobo releases?
I have been looking at the base Hobo code. The sign_user_in method is
available for people who want to do their own authenticating. I am
happy with the Hobo authentication, but I would like to add additional
logic around it. I don't see an obvious way to add features as opposed
to replacing the whole thing.
--
You received this message because you are subscribed to the Google
Groups "Hobo Users" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to [email protected]
<mailto:[email protected]>.
To post to this group, send email to [email protected]
<mailto:[email protected]>.
Visit this group at https://groups.google.com/group/hobousers.
For more options, visit https://groups.google.com/d/optout.
--
*Henry Baragar*
Director, Software Development
*CSE* | *Canadian Securities Exchange*
*D *(647) 729-8325
220 Bay Street, 9th Floor | Toronto | ON | Canada | M5J 2W4
www.thecse.com <http://www.thecse.com/> | @CSE_News
<https://twitter.com/CSE_News>
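
The lockout rule and history table described in Ed's message, as an added example in plain Ruby. It is not code from this thread or from Hobo, it uses no Hobo or Rails APIs, and `LoginGuard`, `LoginEvent` and their methods are hypothetical names; wiring it into the user controller hooks is left to the application.

```ruby
# Added illustration; all names are hypothetical.
# One row per login attempt, mirroring the columns proposed in the thread.
LoginEvent = Struct.new(:login, :success, :ip, :started_at, :ended_at,
                        :lockout, :lockout_seconds)

class LoginGuard
  attr_reader :history

  def initialize(max_failures: 10, window: 5 * 60, lockout: 15 * 60)
    @max_failures = max_failures
    @window = window                            # seconds
    @lockout = lockout                          # seconds
    @history = []                               # stands in for the history table
    @failures = Hash.new { |h, k| h[k] = [] }   # login -> failure timestamps
    @locked_until = {}
  end

  def locked?(login, now = Time.now)
    t = @locked_until[login]
    !t.nil? && now < t
  end

  # The block performs the application's existing credential check and is
  # not evaluated while the account is locked. Returns :locked, :ok or :failed.
  def attempt(login, ip:, now: Time.now)
    return :locked if locked?(login, now)       # ignored: no history row
    if yield
      @failures.delete(login)                   # success ends the consecutive run
      # ended_at stays nil until the application records the logout
      @history << LoginEvent.new(login, true, ip, now, nil, false, nil)
      return :ok
    end
    recent = @failures[login].select { |t| now - t < @window } << now
    @failures[login] = recent
    tripped = recent.size >= @max_failures
    if tripped
      @locked_until[login] = now + @lockout
      @failures.delete(login)
    end
    @history << LoginEvent.new(login, false, ip, now, nil, tripped,
                               tripped ? @lockout : nil)
    :failed
  end
end
```

The counter is keyed on the login name only; the IP address is recorded in the history row but plays no part in the lockout decision.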