Devise + captcha + on x wrong passwords?


Problem description

Are there any good resources or tutorials, or has anyone tried to implement a captcha on Devise when a user enters x wrong passwords?

The idea is that the captcha shows up on too many requests, to keep bots or other bad guys out and limit the number of requests on the Devise sign-in page.

Solution

I can think of doing that in two ways:

The first one is based on the failed_attempts attribute (so you should increment it after each unsuccessful login). To use it on Devise, you may create your own FailureApp, overriding the respond method to increment the failed_attempts attribute on the user. When the user reaches the captcha limit, you may set a flash attribute to signal this, and thus you decide in your controller about the captcha. But there is a problem with this way: as it logs per user, it won't work for a user trying different logins.

The second one is based on the IP: for each unsuccessful login, you keep a record of IPs and unsuccessful attempts, and when an IP reaches a limit you set the already mentioned flash attribute to signal that the number of requests from that IP has already reached the limit, and you can show the captcha. You can use ActiveRecord and a relational database or even something lightweight like Redis to do that. You may also think about ways to remove old data from this database.
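The two counters described in the answer can be combined, so that a client cycling through different logins is still caught by the per-IP count. The following is an added example, not code from the answer or from Devise: `FailedLoginTracker` and its methods are hypothetical names, and an in-memory hash stands in for the Redis or ActiveRecord store. It assumes the failure path calls `record_failure` and the sign-in view asks `captcha_required?`.

```ruby
# Added example: hypothetical tracker; the Hash stands in for Redis or a DB table.
class FailedLoginTracker
  def initialize(limit: 3, window: 600, clock: -> { Time.now.to_f })
    @limit  = limit    # failures allowed before a captcha is required
    @window = window   # seconds during which a failure still counts
    @clock  = clock    # injectable so expiry can be exercised in tests
    @failures = {}     # "ip:..." / "login:..." => [failure timestamps]
  end

  # Call after every unsuccessful login; counts against the IP and the account.
  def record_failure(ip:, login:)
    now = @clock.call
    keys_for(ip, login).each { |k| (@failures[k] ||= []) << now }
  end

  # Call after a successful login. Only the account counter is cleared, so one
  # valid account cannot be used to reset the counter of a guessing IP.
  def record_success(login:)
    @failures.delete(login_key(login))
  end

  # True once the IP or the account reached the limit inside the window.
  def captcha_required?(ip:, login:)
    keys_for(ip, login).any? { |k| recent(k).size >= @limit }
  end

  # The "remove old data" step: drop expired timestamps and empty keys.
  # Returns the number of keys still tracked.
  def prune!
    @failures.keys.each do |k|
      kept = recent(k)
      kept.empty? ? @failures.delete(k) : @failures[k] = kept
    end
    @failures.size
  end

  private

  def login_key(login)
    "login:#{login.to_s.strip.downcase}"  # normalise so "Erin " == "erin"
  end

  def keys_for(ip, login)
    ["ip:#{ip}", login_key(login)]
  end

  def recent(key)
    cutoff = @clock.call - @window
    (@failures[key] || []).select { |t| t > cutoff }
  end
end
```

With Redis as the store, key expiry can take the place of `prune!`; with a relational table, a scheduled job would do the same cleanup.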
