module Authlogic::Session::BruteForceProtection::Config
Configuration for the brute force protection feature.
Public Instance Methods
To help protect from brute force attacks you can set a limit on the allowed number of consecutive failed logins. By default this is 50, this is a very liberal number, and if someone fails to login after 50 tries it should be pretty obvious that it's a machine trying to login in and very likely a brute force attack.
In order to enable this field your model MUST have a failed_login_count (integer) field.
If you don't know what a brute force attack is, it's when a machine tries to login into a system using every combination of character possible. Thus resulting in possibly millions of attempts to log into an account.
-
Default:
50 -
Accepts:
Integer, set to 0 to disable
# File lib/authlogic/session/brute_force_protection.rb, line 39 def consecutive_failed_logins_limit(value = nil) rw_config(:consecutive_failed_logins_limit, value, 50) end
Once the failed logins limit has been exceed, how long do you want to ban the user? This can be a temporary or permanent ban.
-
Default:
2.hours -
Accepts:
Fixnum, set to 0 for permanent ban
# File lib/authlogic/session/brute_force_protection.rb, line 48 def failed_login_ban_for(value = nil) rw_config(:failed_login_ban_for, (!value.nil? && value) || value, 2.hours.to_i) end