Hello!
In the xoops_sessions the sess_ip is captured and
stored for that session.
Can this be taken forward to detect for each and every
call TOGETHER WITH COOKIES? Does this make sense at all?
I thought it can do the following:
New table:
xoops_sessions_track
This would then include all the sess_id-based
activity. The following is then possible:
sess_id sess_ip module_id page_id start_time end_time
Therefore DoS would become impossible "if and only if"
end_time - start_time is less than x seconds...
It would then lock out the user! Also this would help
another possibility of locking out users if they tried
entering their passwords more than x times,
which could be configured from the admin.
Also it would be able to offer excellent statistics,
RIGHT FROM THE CORE.
Difference:
Modules making a call through SQL queries is different
than CORE registering where the user is at a given time!
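
The tracking table and lockout rules proposed above, as an added example that is not part of the original post and is not XOOPS code; it uses Python with an in-memory SQLite database so it runs stand-alone. The lockout table, the function names, the threshold values and the choice to key counters on sess_ip (so a client that discards its cookie is still counted) are assumptions.

```python
import sqlite3

MIN_DWELL = 2        # the post's "x seconds" (assumed value)
MAX_FAST_HITS = 3    # assumption: tolerate a few fast clicks before lockout
MAX_LOGIN_FAILS = 5  # the post's "x times" (assumed value, admin-configurable)

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE xoops_sessions_track (
            sess_id TEXT, sess_ip TEXT, module_id INTEGER, page_id INTEGER,
            start_time INTEGER, end_time INTEGER);
        CREATE TABLE lockout (                 -- hypothetical helper table
            sess_ip TEXT PRIMARY KEY, fast_hits INTEGER DEFAULT 0,
            login_fails INTEGER DEFAULT 0, locked INTEGER DEFAULT 0);
    """)
    return db

def _bump(db, ip, column, limit):
    # column is one of two fixed names chosen in this module, never user input
    db.execute("INSERT OR IGNORE INTO lockout (sess_ip) VALUES (?)", (ip,))
    db.execute(f"UPDATE lockout SET {column} = {column} + 1 WHERE sess_ip = ?", (ip,))
    db.execute(f"UPDATE lockout SET locked = 1 WHERE sess_ip = ? AND {column} >= ?",
               (ip, limit))

def is_locked(db, ip):
    row = db.execute("SELECT locked FROM lockout WHERE sess_ip = ?", (ip,)).fetchone()
    return bool(row and row[0])

def track_call(db, sess_id, ip, module_id, page_id, now):
    """Record one page call; return False once the caller is locked out."""
    if is_locked(db, ip):
        return False
    prev = db.execute("SELECT rowid, start_time FROM xoops_sessions_track "
                      "WHERE sess_ip = ? AND end_time IS NULL", (ip,)).fetchone()
    if prev:
        # Close the previous page view; a dwell shorter than MIN_DWELL is a strike.
        db.execute("UPDATE xoops_sessions_track SET end_time = ? WHERE rowid = ?",
                   (now, prev[0]))
        if now - prev[1] < MIN_DWELL:
            _bump(db, ip, "fast_hits", MAX_FAST_HITS)
    db.execute("INSERT INTO xoops_sessions_track VALUES (?,?,?,?,?,NULL)",
               (sess_id, ip, module_id, page_id, now))
    return not is_locked(db, ip)

def record_login_failure(db, ip):
    """Count one failed password attempt; return True once the IP is locked."""
    _bump(db, ip, "login_fails", MAX_LOGIN_FAILS)
    return is_locked(db, ip)
```

The closed rows in xoops_sessions_track (those with an end_time) are also the per-module, per-page dwell data the post wants for statistics.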