
NetTuts.com:
How to Build Rate Limiting into Your Web App Login
Sep 22, 2014 @ 16:12:14

In this new tutorial on NetTuts.com, Jeff Reifman shows you how to build rate limiting into your application to help protect your login against brute force attacks.

Since one of the wealthiest corporations in the world [Apple] didn't allocate the resources to rate limit all of their authentication points, it's likely that some of your web apps don't include rate limiting. In this tutorial, I'll walk through some of the basic concepts of rate limiting and a simple implementation for your PHP-based web application.

He starts with a brief look at how (brute force) login attacks actually work and how that relates to the most commonly used passwords. He splits out the two main approaches to rate limiting in applications: limiting based on failures by username or limiting by IP address. He then gets into the actual code examples, choosing a Yii framework-based application for his illustration. He creates a simple "failed login" database table, shows how to log the attempts and includes a snippet to purge items older than (by default) 120 minutes. Finally, he includes the code to check the table and see if the username has too many failures listed and, if so, deny access.

tagged: rate limiting login application tutorial mysql database

Link: http://code.tutsplus.com/tutorials/how-to-build-rate-limiting-into-your-web-app-login--cms-22133

