News Feed
Sections




News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

DreamInCode.com:
Securing Login Forms From Brute-Force Attacks Using Queues
August 22, 2013 @ 10:22:48

On the Dreamincode.com forum there's an interesting approach mentioned for security login forms from brute-force attacks using a queueing system rather than the usual real-time requests.

Login forms in online systems are often easy targets for brute-force attacks; attacks designed to go through all possible values (or at least all probable values) for a password to "guess" a correct one. Securing your forms from such attacks is important, but it can be tricky to do in an effective manner without adversely affecting the user experience of your normal user. The method I am suggesting in this article is that of queuing login attempts in an effort to limit how many attempts an attacker can execute per second. [...] So, how do we implement this in PHP?

He suggests using a MySQL-based queueing system (but it could easily be replaced with one of the *MQ types) that tracks users versus login attempts. He's put together a library that handles the storage and login attempt management. He takes some time to explain the functionality of the class and how to put it to use.

0 comments voice your opinion now!
queue login protection tutorials bruteforce

Link: http://www.dreamincode.net/forums/topic/326807-securing-login-forms-from-brute-force-attacks-using-queues/

blog comments powered by Disqus

Similar Posts

WebReference.com: Using PHP Encryption for Login Authentication

Kevin Schroeder's Blog: How to (properly) evaluate Zend Server - Introduction

Sitecritic.net: Simple Content Management in PHP Without Database Access

Gonzalo Ayuso: Google App Engine, PHP and Silex. Setting up a Login Provider

phpDevelopment Blog: Zend Framework Tutorial Series: Part 3 – Login and Signup with (RE)Captcha


Community Events





Don't see your event here?
Let us know!


bugfix package voicesoftheelephpant install deployment series language tips introduction interview opinion library list symfony release laravel api podcast framework community

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework