How can I lockout login for 5 minutes if 5 bad attempts are made
#5

Some basics and things I always recommend for basic security
  • Good Auth Library (as I recommended above)
  • Required user account activation/validation via email
  • Lockout functionality
  • Enforce strong user passwords (min 8 chars, with min 2 numeric)
  • Use a CSRF token for ALL user submitted forms.
  • As always, validate ALL data submitted by users.
  • HTTPS on all requests
  • Never use one login for admins, they should have their own personal login (if you have a CMS)

And if you want to go all the way
  • Deny any sort of iframing of your site setting the X-Frame-Options header https://developer.mozilla.org/en-US/docs...me-Options
  • Turn on secure cookies (available in the CI config)
  • Turn on HTTP cookies only (but be aware this will make the cookie unavailable for JS) (available in the CI config)
  • Enforce extreme user passwords (min 8 chars, min 2 lower, 2 upper, 2 numeric, 2 special char)

That is what I can think of atm, but it is late here so I will update if I can come up with anything else another day.
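The "lockout functionality" item, tied back to the thread title (5 bad attempts, 5 minute lockout), as an added illustration that is not from this post or from CodeIgniter; the class name, the in-memory array and the injected `$now` timestamp are assumptions made so the logic is framework-neutral and easy to test.

```php
<?php
// Hypothetical lockout tracker: the fifth failed attempt locks the account for 5 minutes.
// Failures are counted per account name, so rotating source IPs does not dodge the lock;
// the in-memory array stands in for a database or cache table in a real deployment.
final class LoginLockout
{
    public const MAX_ATTEMPTS    = 5;
    public const LOCKOUT_SECONDS = 300;

    /** @var array<string, array{count:int, locked_until:int}> */
    private array $state = [];

    public function isLocked(string $account, int $now): bool
    {
        $entry = $this->state[$account] ?? null;
        if ($entry === null) {
            return false;
        }
        if ($entry['locked_until'] > $now) {
            return true;
        }
        if ($entry['locked_until'] !== 0) {
            // Lockout has expired: drop the old failures so the user gets a fresh budget.
            unset($this->state[$account]);
        }
        return false;
    }

    /** Seconds until the account unlocks, or 0 when it is not locked. */
    public function retryAfter(string $account, int $now): int
    {
        return $this->isLocked($account, $now) ? $this->state[$account]['locked_until'] - $now : 0;
    }

    /** Record a wrong password; the fifth failure in a row starts the lockout. */
    public function recordFailure(string $account, int $now): void
    {
        if ($this->isLocked($account, $now)) {
            return; // Requests during a lockout are rejected before the password is even checked.
        }
        $entry = $this->state[$account] ?? ['count' => 0, 'locked_until' => 0];
        $entry['count']++;
        if ($entry['count'] >= self::MAX_ATTEMPTS) {
            $entry['locked_until'] = $now + self::LOCKOUT_SECONDS;
        }
        $this->state[$account] = $entry;
    }

    /** A correct password clears the failure counter. */
    public function recordSuccess(string $account): void
    {
        unset($this->state[$account]);
    }
}
```

Call `isLocked()` before verifying the password and `recordFailure()`/`recordSuccess()` afterwards, and return the same generic error for a locked account as for a wrong password so the response does not reveal which accounts exist or are locked.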


Messages In This Thread
RE: How can I lockout login for 5 minutes if 5 bad attempts are made - by silentium - 03-05-2015, 12:00 AM


