在 PHP 中限制用户登录尝试 [英] Limiting user login attempts in PHP

问题描述

我见过网络应用对用户登录尝试有限制.

I've seen web apps with limitations for user login attempts.

是否出于安全需要?如果是，为什么?

Is it a security necessity and, if so, why?

例如:您的登录尝试失败了 3 次，让我们在 10 分钟后重试！！

推荐答案

澄清 这是对其他答案的补充.例如，在使用会话的反暴力机制旁边使用良好实施的验证码.
提问者将此标记为已接受，假设验证码无法被机器读取(她几乎是对的)，因此它得到了负面的分数，因为人们认为这不是一个完整的答案 &他们是对的.

Clarification This is a completion to the other answers. Using a good implemented captcha alongside an anti-bruteforce mechanism using sessions for example.
The questioner marked this as accepted assuming that captchas are unreadable by machines (she's almost right) and so it's getting negative points, because people think it's not a complete answer & they're right.

此外，使用良好实施的 CAPTCHA 可能是增强应用程序安全性以抵御暴力攻击的另一种方法.有一个各种各样的验证码提供商 免费提供，如果您赶时间，让我们尝试简单的方法.另外请考虑到这里有人们说哦，不！这个验证码的东西不够安全，有时它们是对的！".

Also using a good implemented CAPTCHA could be an alternative way to enpower your application security against brute-force attacks. there's a wide variety of captcha providers available for free, let's try the easy way if you're in a hurry. Also please consider that there's people outta here saying that "oh, no! this captcha thing is not secure enough and they're right sometimes!".

对于那些不知道的人，CAPTCHA 是一种程序，可以判断其用户是人类还是另一台计算机.它们是您在翻译时翻译的扭曲文本的小图像您注册 Gmail 或在某人的博客上发表评论.他们的目的是确保某人不会使用计算机自动注册数百万在线帐户，或者.." ref.

"For those of you who don't know, a CAPTCHA is program that can tell whether its user is a human or another computer. They're those little images of distorted text that you translate when you sign up for Gmail or leave a comment on someone's blog. Their purpose is to make sure that someone doesn't use a computer to sign up for millions of online accounts automatically, or.." ref.

这篇关于在 PHP 中限制用户登录尝试的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！