Posted by ilo on August 31, 2009 at 8:59pm
| Project: | Login Security |
| Version: | 6.x-1.x-dev |
| Component: | Code |
| Category: | task |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | active |
Issue Summary
While we don't have yet clear how the final user interface will look like, I'll be moving the current working parts to Drupal 7 after the code freeze. In any case, something should be considered:
#485974: Improved security: rate limit login attempts.
Part of the functionality of this module has been introduced into flood protection. Although they are not configurable, they may disrupt the module operation, so the settings and validators could be modified a little bit.
Comments
#1
flood_control provides a admin interface in D7.
http://drupal.org/project/flood_control
some of login_security functionalities are in D7 core.
#2
#3
Since I'm both nice and in a hurry, I'm attaching my rough D7 port of Login Security. Works for me on D7.4, with the caveat that I'm (a) using a very narrow set of its features, (b) not porting the test code, and (c) using Flood Control to bump up the D7 built in failed login block so that Login Security can work.
[i.e. if you want Login Security to be kicking people out of the pool on three failed logins, you'll need to use Flood Control to increase the D7 flood control to 4 or higher failed logins, as it will otherwise step in first and cut Login Security out of the picture.]
So there are no doubt some good bugs in there.
#4
sub, love the practicality of this module, will see what I can do about testing thanks!