drasebt1835 2012-03-10 02:47
浏览 23
已采纳

防止暴力[重复]

Possible Duplicate:
Preventing Brute Force Logins on Websites
Limiting user login attempts in PHP

I wanted to know what would be a best way to prevent brute forcing in a log in form. Meaning how can i save the number of tries and time limit? Would session be a good idea?

Thanks.

  • 写回答

2条回答 默认 最新

  • doushanmo7024 2012-03-10 02:53
    关注

    You can automatically start a session for each person who hits your site. Then in the session variable, store the number of login attempts and if they are blocked, a time when they will be unlocked.

    When processing the login, if the password and username does not match and the time limit has not expired and the number of tries has been exceeded, display a message to the user.

    Your database table could look like this:

    sessions
==========
id
num_tries //Number of login attemps
block_expires //If they are blocked, when they can be unblocked.

    This approach assumes that the user will assume a session cookie. They can easily get around this by clearing their cookies.

    In order to mitigate that some what, you can build some smarts into the process:

    • If the logins are coming from the same IP address AND the account they are trying to access does not change, then block the account (not the session!) for a set period of time.
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 关于#hadoop#的问题
  • ¥15 (标签-Python|关键词-socket)
  • ¥15 keil里为什么main.c定义的函数在it.c调用不了
  • ¥50 切换TabTip键盘的输入法
  • ¥15 可否在不同线程中调用封装数据库操作的类
  • ¥15 微带串馈天线阵列每个阵元宽度计算
  • ¥15 keil的map文件中Image component sizes各项意思
  • ¥20 求个正点原子stm32f407开发版的贪吃蛇游戏
  • ¥15 划分vlan后,链路不通了?
  • ¥20 求各位懂行的人,注册表能不能看到usb使用得具体信息,干了什么,传输了什么数据