MyBB Community Forums

Full Version: Failed login cookies
MyBB's authentication system blocks excessive incorrect login attempts; however, it appears to be solely cookie-based. Deleting the loginattempts cookie that is set and incremented on each incorrect login appears to reset this limit.

Doesn't effectively having this limit controllable by the client defeat the purpose of limiting login attempts, or am I really missing something?

This is a standard method for providing a method to limit brute force attempts. While we understand there are various technicalities, that is the reality of these features to the extent that we can reasonably implement them.

There are other various methods such as using the IP to block, but due to the wide variety of proxies and the dynamic nature of routers/ISPs these days, it is basically useless to even consider that methodology.

As such, this is the only reasonable way to implement these types of technologies with what we can work with on the web.

Ryan
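
The difference discussed in this thread, as an added example that is not part of either post and is not MyBB's code: a failed-login counter held in the client's `loginattempts` cookie next to one held on the server and keyed by the account name. The limit of 5, the 15-minute window, the function and class names and the username `alice` are assumptions made for the illustration.

```python
import time

MAX_ATTEMPTS = 5             # assumed limit, not MyBB's configured value
LOCKOUT_SECONDS = 15 * 60    # assumed lockout window

def cookie_count(cookies):
    """Read the client-supplied counter; anything non-numeric counts as zero."""
    value = cookies.get("loginattempts", "0")
    return int(value) if value.isdecimal() else 0

def cookie_allows(cookies):
    """Client-held limit: the server trusts whatever cookie it is sent."""
    return cookie_count(cookies) < MAX_ATTEMPTS

def cookie_record_failure(cookies):
    """Return the cookies the server would set after a failed login."""
    return {**cookies, "loginattempts": str(cookie_count(cookies) + 1)}

class ServerSideLimiter:
    """Failure counter kept on the server, keyed by the targeted account."""
    def __init__(self, clock=time.time):
        self._clock = clock
        self._failures = {}  # username -> (count, time of first failure)

    def allows(self, username):
        count, first = self._failures.get(username, (0, 0.0))
        if count and self._clock() - first >= LOCKOUT_SECONDS:
            del self._failures[username]  # window expired, start fresh
            return True
        return count < MAX_ATTEMPTS

    def record_failure(self, username):
        count, first = self._failures.get(username, (0, self._clock()))
        self._failures[username] = (count + 1, first)

def simulate(attempts, drop_cookie_every):
    """Failed logins each limiter lets through: (cookie_passed, server_passed)."""
    cookies, server = {}, ServerSideLimiter()
    cookie_passed = server_passed = 0
    for i in range(attempts):
        if i % drop_cookie_every == 0:
            cookies = {}  # client deletes the loginattempts cookie
        if cookie_allows(cookies):
            cookie_passed += 1
            cookies = cookie_record_failure(cookies)
        if server.allows("alice"):  # constructed username
            server_passed += 1
            server.record_failure("alice")
    return cookie_passed, server_passed
```

Keying the counter by account means the client cannot reset it, at the cost that anyone who knows a username can lock that account out for the window.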