Comments (4)
amtacrick
commented on June 14, 2024
Suggest multiple failed logins be able to be managed by a site flag to chose what action to take - delay (minutes) / block (require reset) / redirect during "security action period"
Suggest having site setting for time in which failed attempts are detected
Consider delay use of / blocking IP after nominated number of failed login attempts from one IP within defined time period (any invalid login / password combination)
from knop.
stevepiercy
commented on June 14, 2024
I've incorporated what I understood, but I need a little more clarification.
I'm not sure I understand this: redirect during "security action period". Is this where the system has identified and locked out a user from logging in after repeated failed attempts, and then redirects the user to a page where they can no longer attempt a login? If so, then the redirect itself is beyond the scope of Knop, however the lockout could be part of Knop. It would be up to the developer to decide what to do during the lockout period. I have implemented the non-redirecting lockout to clear the lockout after a period of time in some systems, but it relies on the Lasso 8 [event_schedule] tag which is not supported in Lasso 9.
Can you also elaborate on "time in which failed attempts are detected"? Do you mean, for example, specific times (9a - 5p) or a duration (15 minutes)?
Please let me know if I've missed anything in the revision of the issue description above. Thank you!
from knop.
amtacrick
commented on June 14, 2024
"security action period" is the period during which the ability to log in is inhibited (until expiry of set time or reset, dependent upon implementation). Agreed that the actions to take should reset with the solution and not Knop - just tossing out there things we do at te moment. Agree that "Duration" is a better word than "time" to describe the period within which attempts are evaluated - typically shorter for straight failed logins (e.g. 3 failed attempts within 2 mins)
from knop.
stevepiercy
commented on June 14, 2024
Added:
- add explicit lockout timestamp, defined as the instant at which the lockout becomes effective (amtacrick). Duration or clearing of the lockout are left to the developer to implement in their solutions. Lasso 9 may soon have an event_schedule implementation, and we'll investigate that as a possibility to clear a lockout.
Updated:
- lock out users after N failed login attempts within an optional duration
Thank you!
from knop.
Related Issues (20)
- Add size to input type text widget
- Knop_grid header and footer show incorrect maxrecords with -sql HOT 1
- Knop for Lasso 9 demo fails on Mac OS X 10.5 HOT 2
- Create a notejam for Knop
- Update apache.conf files and documentation to use preferred FallbackResource
- Comma in select field value does not render in form HOT 1
- knop_crypthash - Set default cost to a random value between 8000 and 12000
- knop_database oncreate -keyfield's column cannot be numeric HOT 1
- Don't coerce an array to a string for form -> getbutton
- user -> login fails on FileMaker 12+ HOT 3
- database -> getrecord with FileMaker cannot find record
- Consider becoming a member of Software Freedom Conservancy
- Cannot login when userfield is id
- Share custom validation snippets
- Demo site doesn't work HOT 13
- Update source URLs in knop9/knoplibs/debug.type.lasso HOT 1
- create new does not redirect to correct page
- record locking is broken HOT 2
- Improve error handling in knop_database.lasso HOT 1
- [ANNOUNCE] expiration of knop-project.org and hosting of demo
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from knop.