Block a user after a specified number of failed logins

Problem description

In our application we want to block a user after a specified number of failed logins. We are using custom tables to store a user.

In our login page it contains three fields like user name, password and an id field. The id field is not unique.

So how can I block a user? If I use the user name to calculate the failed attempts, another person can easily block the account by just guessing the user name and typing it wrongly.

So what is the best method to get the failed logins and thereby block the user?

Recommended answer

On a failed login attempt, I would use a dictionary stored in Application State, with the IP as key and a simple integer to count the attempts as value.

Then on each failed login, if the user's IP exists in the dictionary, increase it. If the attempt counter is greater than the number of login attempts, abort the session.

Of course, you would also need to implement a time interval, and a way to reset the counter on a successful login.

But that should be easy.
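The approach described in the answer above, sketched in C# as an added example that is not part of the original answer: a thread-safe per-IP failure counter with a time window and a reset on successful login. The class name `FailedLoginTracker`, the limit of 3 attempts and the 15-minute window are assumptions; a single instance would be kept in Application State or a static field.

```csharp
using System;
using System.Collections.Concurrent;

// Added example: per-IP failed-login counter. Names and limits are assumptions.
public sealed class FailedLoginTracker
{
    private readonly int _maxAttempts;
    private readonly TimeSpan _window;
    // Key: client IP; value: failure count and start of the current window.
    private readonly ConcurrentDictionary<string, (int Count, DateTime WindowStart)> _failures =
        new ConcurrentDictionary<string, (int Count, DateTime WindowStart)>();

    public FailedLoginTracker(int maxAttempts, TimeSpan window)
    {
        _maxAttempts = maxAttempts;
        _window = window;
    }

    // Call before checking credentials; a blocked IP is refused outright.
    public bool IsBlocked(string ip, DateTime nowUtc) =>
        _failures.TryGetValue(ip, out var e)
        && nowUtc - e.WindowStart < _window && e.Count > _maxAttempts;

    // Call on every failed login; returns true once the IP is over the limit.
    public bool RegisterFailure(string ip, DateTime nowUtc)
    {
        var entry = _failures.AddOrUpdate(ip,
            _ => (1, nowUtc),
            (_, old) => nowUtc - old.WindowStart >= _window
                ? (1, nowUtc)                        // window expired: start over
                : (old.Count + 1, old.WindowStart)); // same window: count up
        return entry.Count > _maxAttempts;
    }

    // Call on a successful login to clear the counter for that IP.
    public void Reset(string ip) => _failures.TryRemove(ip, out _);

    // Demo with constructed values (documentation-range IP, fixed clock).
    public static void Main()
    {
        var tracker = new FailedLoginTracker(3, TimeSpan.FromMinutes(15));
        var t0 = new DateTime(2024, 1, 1, 12, 0, 0, DateTimeKind.Utc);
        for (int i = 0; i < 4; i++) tracker.RegisterFailure("203.0.113.7", t0.AddSeconds(i));
        Console.WriteLine(tracker.IsBlocked("203.0.113.7", t0.AddMinutes(1)));  // inside the window
        Console.WriteLine(tracker.IsBlocked("203.0.113.7", t0.AddMinutes(20))); // after the window
    }
}
```

Take the IP from the connection itself rather than from a client-supplied header such as `X-Forwarded-For`, unless a trusted proxy sets it. Users behind a shared NAT address share one counter, so the limit and window should be chosen with that in mind.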
