Prevent login brute forcing with captchas
bfbe6ec594d0
Actions

Authored by epriestley <git@epriestley.com> on Jan 12 2012, 21:56.

Description

Prevent login brute forcing with captchas

Summary: If a remote address has too many recent login failures, require they
fill out a captcha before they can attempt to login.

Test Plan: Tried to login a bunch of times, then submitted the CAPTHCA form with
various combinations of valid/invalid passwords and valid/invalid captchas.

Reviewers: btrahan, jungejason

Reviewed By: jungejason

CC: aran, epriestley, jungejason

Maniphest Tasks: T765

Differential Revision: https://secure.phabricator.com/D1379

Details

Committed

epriestley <git@epriestley.com>

Jan 13 2012, 00:22

Pushed

aubort

Jan 31 2017, 17:16

Parents

rPH7f7710a24df1: Add @phutil-external-symbol declarations to Phabricator

Branches

Unknown

Tags

Unknown

Event Timeline

epriestley <git@epriestley.com> committed rPHbfbe6ec594d0: Prevent login brute forcing with captchas (authored by epriestley <git@epriestley.com>).Jan 13 2012, 00:22

Changes (5)

				Path
	M			conf/default.conf.php
	M			src/applications/auth/controller/login/PhabricatorLoginController.php
	M			src/applications/auth/controller/login/__init__.php
	M			src/applications/people/storage/log/PhabricatorUserLog.php
	M			src/view/form/control/recaptcha/AphrontFormRecaptchaControl.php