Brute-force prevention for Authenticator?

4 years ago

Honza Kuchař
Backer | 1650
+
0
-

Hi guys!

Don't you think that there should be some support from the framework for brute-force password guessing? E.g.: block the user account, etc.? Some callback should be called when that situation occurs? Surely I'm talking more about the sandbox than about the framework, because there is no default implementation of user authentication in the framework.

What do you think about that? Or should it be just in the hands of the programmer? I think every application that has user accounts must deal with this.

4 years ago

David Grudl
Nette Core | 6827
+
+2
-

A DDoS attack should be somehow solved on the server layer, not in the application.

4 years ago

Honza Kuchař
Backer | 1650
+
0
-

Hmm, you are right. There should be some DDoS IP list managed by a reverse proxy behind the app server. Got it. Thanks!