#47 ✓resolved
Deleted User

Trouble with BruteForceProtection

Reported by Deleted User | February 21st, 2009 @ 07:17 AM

it seems no methods are called in module BruteForceProtection if you enter a false password, so the failed_login_count column is never updated !

If the login and password is OK, the methods are called, but the result is true because the failed_login_count column is zero, so no BruteForceAttack seen....

my UserSession :


class UserSession < Authlogic::Session::Base
  
  # enforce 'acts_as_authentic :logged_in_timeout' in User Controller
  logout_on_timeout true
  consecutive_failed_logins_limit 5

end

my user table :


  create_table "users", :force => true do |t|
    t.string   "login",                                       :null => false
    t.string   "crypted_password",                            :null => false
    t.string   "password_salt",                               :null => false
    t.string   "persistence_token",                           :null => false
    t.string   "single_access_token",                         :null => false
    t.string   "perishable_token",    :default => "",         :null => false
    t.integer  "login_count",         :default => 0,          :null => false
    t.datetime "last_request_at"
    t.datetime "last_login_at"
    t.datetime "current_login_at"
    t.string   "last_login_ip"
    t.string   "current_login_ip"
    t.datetime "created_at"
    t.datetime "updated_at"
    t.string   "email",               :default => "",         :null => false
    t.string   "language",            :default => "fr",       :null => false
    t.string   "status",              :default => "register"
    t.string   "first_name"
    t.string   "last_name"
    t.integer  "failed_login_count",  :default => 0,          :null => false
  end

any help on this ?

Comments and changes to this ticket

Please Sign in or create a free account to add a new ticket.

With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.

New-ticket Create new ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile ยป

Object based authentication solution that handles all of the non sense for you. It's as easy as ActiveRecord is with a database.

People watching this ticket

Pages