On Tue, 2 May 2006, Michael Peters wrote:
Hmmm. How would that method indicate a violation? It's not obvious to me how that would interact with 'violation_mode', for example.

Good point. Maybe a check_violation() companion to record_hit()?

    my %limit_args = ( user => $user_id, action => 'failed_login' );
    $rate_limit->record_hit(%limit_args);
    return $self->slow_down_buddy
        if( $rate_limit->check_violation(%limit_args) );

Alright, that seems do-able. It's mostly a matter of giving the internal methods a consistent interface and exposing them for similar usage.

Not to make it too bloated but maybe also a revoke_all_hits() method. This would let me do something like "Allow only 5 failed login attempts in 10 minutes. If they successfully log in, reset the counter". Not too important though.

    revoke_all_hits( user => $user, action => $action )

Hmmmmm, that might be pushing it for a v1.0 release, but I'll at least
put it on a to-do list.
-sam
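
The interface discussed in this thread, as an added sketch that is not part of the original messages and is not the module's own code: a sliding-window limiter with record_hit(), check_violation() and revoke_all_hits(). The package name Sketch::RateLimit, the max_hits/window/now parameters and the in-memory, single-process storage are assumptions made for illustration.

```perl
use strict;
use warnings;

# Hypothetical in-memory limiter; state lives in one process only.
package Sketch::RateLimit;

sub new {
    my ($class, %args) = @_;
    # More than max_hits hits inside `window` seconds is a violation.
    return bless { max_hits => $args{max_hits}, window => $args{window}, hits => {} }, $class;
}

sub _key { my ($self, %a) = @_; return join "\0", $a{action}, $a{user} }

# Drop timestamps that have aged out of the window; return the live list.
sub _live {
    my ($self, $now, %a) = @_;
    my $list = $self->{hits}{ $self->_key(%a) } ||= [];
    @$list = grep { $_ > $now - $self->{window} } @$list;
    return $list;
}

sub record_hit {
    my ($self, %a) = @_;
    my $now = delete $a{now} // time;    # `now` is injectable for testing
    push @{ $self->_live($now, %a) }, $now;
    return;
}

sub check_violation {
    my ($self, %a) = @_;
    my $now = delete $a{now} // time;
    return @{ $self->_live($now, %a) } > $self->{max_hits} ? 1 : 0;
}

# Forget every hit for this user/action pair, e.g. after a successful login.
sub revoke_all_hits {
    my ($self, %a) = @_;
    delete $self->{hits}{ $self->_key(%a) };
    return;
}

package main;

my $limit = Sketch::RateLimit->new(max_hits => 5, window => 600);
my %who   = (user => 'alice', action => 'failed_login');    # constructed sample
$limit->record_hit(%who, now => 1000 + $_) for 1 .. 6;      # six failures in six seconds
print "violation after 6 failures: ", $limit->check_violation(%who, now => 1007), "\n";
$limit->revoke_all_hits(%who);                              # successful login resets
print "violation after reset: ", $limit->check_violation(%who, now => 1008), "\n";
```

Because the counter is keyed on user and action together, a successful login by one account resets only that account's failed_login history.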