限制PHP中的用户登录尝试 [英] Limiting user login attempts in PHP

问题描述

我看到了Web应用程序对用户登录尝试的限制.

I've seen web apps with limitations for user login attempts.

这是否是安全必要性，如果是，为什么?

Is it a security necessity and, if so, why?

例如:您有3次失败的登录尝试，让我们在10分钟内重试！！

推荐答案

说明 这是对其他答案的补充.例如，使用良好实现的验证码以及使用会话的反暴力机制.
发问者将其标识为接受，前提是假设验证码无法被机器读取(她的几乎正确)，因此得到了负面评价，因为人们认为这不是一个完整的答案.他们是对的.

Clarification This is a completion to the other answers. Using a good implemented captcha alongside an anti-bruteforce mechanism using sessions for example.
The questioner marked this as accepted assuming that captchas are unreadable by machines (she's almost right) and so it's getting negative points, because people think it's not a complete answer & they're right.

使用良好实施的CAPTCHA可能也是增强应用程序安全性以防止暴力攻击的另一种方法.这里有一个各种验证码提供商免费提供，如果您着急的话，让我们尝试简单的方法.另外，请考虑这里有人们在这里说哦，不！这个验证码还不够安全，有时候他们是对的！" .

Also using a good implemented CAPTCHA could be an alternative way to enpower your application security against brute-force attacks. there's a wide variety of captcha providers available for free, let's try the easy way if you're in a hurry. Also please consider that there's people outta here saying that "oh, no! this captcha thing is not secure enough and they're right sometimes!".

"对于不认识的人，CAPTCHA是一种程序，可以告诉其用户是人类还是另一台计算机.它们是当您翻译时扭曲文本的那些小图像您注册Gmail或在某人的博客上发表评论.他们的目的是确保某人不会使用计算机自动注册数百万个在线帐户，或者.."

"For those of you who don't know, a CAPTCHA is program that can tell whether its user is a human or another computer. They're those little images of distorted text that you translate when you sign up for Gmail or leave a comment on someone's blog. Their purpose is to make sure that someone doesn't use a computer to sign up for millions of online accounts automatically, or.." ref.

这篇关于限制PHP中的用户登录尝试的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！