Module: Authlogic::Session::BruteForceProtection::Config

Defined in:
lib/authlogic/session/brute_force_protection.rb

Overview

Configuration for the brute force protection feature.

Instance Method Summary collapse

Instance Method Details

#consecutive_failed_logins_limit(value = nil) ⇒ Object Also known as: consecutive_failed_logins_limit=

To help protect from brute force attacks you can set a limit on the allowed number of consecutive failed logins. By default this is 50, this is a very liberal number, and if someone fails to login after 50 tries it should be pretty obvious that it’s a machine trying to login in and very likely a brute force attack.

In order to enable this field your model MUST have a failed_login_count (integer) field.

If you don’t know what a brute force attack is, it’s when a machine tries to login into a system using every combination of character possible. Thus resulting in possibly millions of attempts to log into an account.

  • Default: 50

  • Accepts: Integer, set to 0 to disable



39
40
41
 
# File 'lib/authlogic/session/brute_force_protection.rb', line 39

def consecutive_failed_logins_limit(value = nil)
  rw_config(:consecutive_failed_logins_limit, value, 50)
end

#failed_login_ban_for(value = nil) ⇒ Object Also known as: failed_login_ban_for=

Once the failed logins limit has been exceed, how long do you want to ban the user? This can be a temporary or permanent ban.

  • Default: 2.hours

  • Accepts: Fixnum, set to 0 for permanent ban



48
49
50
 
# File 'lib/authlogic/session/brute_force_protection.rb', line 48

def (value = nil)
  rw_config(:failed_login_ban_for, (!value.nil? && value) || value, 2.hours.to_i)
end