Switch branches/tags
Nothing to show
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
16 lines (10 sloc) 756 Bytes
h3. Authentication security projects for a later date
* Track 'failed logins this hour' and demand a captcha after say 5 failed logins
("RECAPTCHA plugin.":
"De-proxy-ficate IP address":
* Make cookie spoofing a little harder: we set the user's cookie to
(remember_token), but store digest(remember_token, request_IP). A CSRF cookie
spoofer has to then at least also spoof the user's originating IP
(see "Secure Programs HOWTO":
* Log HTTP request on authentication / authorization failures