How to avoid user keep trying login using Ruby on Rails?

Posted by Tattat on Stack Overflow See other posts from Stack Overflow or by Tattat
Published on 2010-06-13T03:49:23Z Indexed on 2010/06/13 3:52 UTC
Read the original article Hit count: 253

Filed under:
|

I want to create a login page, it can easy implement using Ruby on Rails. But the login is very simple, but I want more security.

I want to stop the user keep trying the password. So, I have some ideas on that.

First, stop login feature if the user keep trying the password for 15 mins.
After the user login fail 5 times in 15 mins, the system should not allow the user login again in next 15 mins, ever his/her password is correct.

Second, I want to add a human verification, after the user tried 5 times. After the user wait for 15 mins to login, I want to add an addition verification to the user. I want the user click the password, and the CAPTCHA image. If one of them is failed, they still can't login the system. He/She have 5 times to try, if he / she failed again, he/she need to want another 15 mins.

Third, After the user tried 15 times, and still can't get into the system. I want to lock the user account, the user will receive an email, with a link to assign the password again.

So, the question is "Is there any library to implement such authorization easily?" I know it can be implemented using code, but using library is much convenient. Also, I want to ask is there any security suggestion for that? thank u.

© Stack Overflow or respective owner

Related posts about ruby-on-rails

Related posts about security