Hey guys and gals,
I wanted to know if it is possible to set up a loop in a controller to limit the attempts customers have on trying to log in.
If it is, any help to get started on this would be appreciated.
Thanks.
Search "limit log-in attempts" yields "About 566 results (0.24 seconds)" at
limit log-in attempts site:forum.opencart.com
Short answer is, no; long is, not easily. You can password portions of your directory tree, but that would be counterproductive to some extent even if ALL of your customers are preregistered, and still would not limit the number of attempts.
Even admin/ security does not restrict numbers of attempts. However, several entries in the thread at
http://forum.opencart.com/viewtopic.php?f=110&t=38042
will give you an idea of several security measures for it.
For both customers' and administrators' log-ins, curtailing numbers of log-in attempts requires scripting. If usernames and passwords are adequately difficult to guess in combination, the number of attempts required to get there is effectively high enough that few will persist long enough to get there. Extremely serious thought goes into forward and reverse encryption and decryption algorithms for dynamically reducing the odds to levels that are completely impracticable to overcome.
Attached: Restrict Login Attempts
Uses session variables to count the login attempts within the wait time.
Tested on 1.5.5.1, but should work on older versions
Well, good on you, pprmkr! You've gone a different direction, and gotten somewhere. Thank you.
For general reference, there are at least three ways to frustrate hackers: lock them out (no access), toss them out (retries, timeouts), and slow them down (retry intervals, timeouts).
pprmkr wrote:
Attached: Restrict Login Attempts
Uses session variables to count the login attempts within the wait time.
Tested on 1.5.5.1, but should work on older versions
Cool. Sessions are fairly easy to reset so a database solution might prove more robust for the issue.
-Ryan
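The database-backed counter suggested in the last reply, as an added example (not from the thread and not pprmkr's attached extension). The class, table and column names and the limits are assumptions, and in-memory SQLite stands in for the shop database.

```php
<?php
// Added example: class, table and column names are hypothetical.
class LoginThrottle
{
    private $db;
    private $maxAttempts;
    private $waitSeconds;

    public function __construct(PDO $db, $maxAttempts = 5, $waitSeconds = 900)
    {
        $this->db = $db;
        $this->maxAttempts = $maxAttempts;   // assumed policy values
        $this->waitSeconds = $waitSeconds;
        $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $db->exec('CREATE TABLE IF NOT EXISTS login_attempt
                   (account TEXT NOT NULL, failed_at INTEGER NOT NULL)');
    }

    // Count failures inside the wait window. The state lives server-side, so a
    // client that discards its session cookie still meets the same counter.
    public function isLocked($account, $now)
    {
        $q = $this->db->prepare('SELECT COUNT(*) FROM login_attempt
                                 WHERE account = ? AND failed_at > ?');
        $q->execute([strtolower($account), $now - $this->waitSeconds]);
        return (int) $q->fetchColumn() >= $this->maxAttempts;
    }

    public function recordFailure($account, $now)
    {
        $this->db->prepare('DELETE FROM login_attempt WHERE failed_at <= ?')
                 ->execute([$now - $this->waitSeconds]);   // prune expired rows
        $this->db->prepare('INSERT INTO login_attempt (account, failed_at) VALUES (?, ?)')
                 ->execute([strtolower($account), $now]);
    }

    public function clear($account)   // call after a successful login
    {
        $this->db->prepare('DELETE FROM login_attempt WHERE account = ?')
                 ->execute([strtolower($account)]);
    }
}

// Constructed demo data: three failures for one account, then two checks.
$throttle = new LoginThrottle(new PDO('sqlite::memory:'), 3, 600);
$t = 1000000;
foreach ([0, 10, 20] as $offset) {
    $throttle->recordFailure('Customer@example.com', $t + $offset);
}
var_dump($throttle->isLocked('customer@example.com', $t + 30));   // inside the wait window
var_dump($throttle->isLocked('customer@example.com', $t + 700));  // after the window has passed
```

Keying on the account alone lets anyone lock a known customer out for the wait time, so a real deployment would usually add the client IP to the key or slow responses down rather than refuse them outright.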