security - Locking out certain user based on ip, but no the whole business network in PHP -
i have built login system locks out user after 4 failed attempts, logs ip on database , cookie (if cookie exists not re-validate on database). problem if lock out user based on ip, other computers won't have access same ip (same router). there workaround on that? generate or store more specific user on database?
simply, no. can make safer example "evercookie", it's still removeable 90% of users don't know how. https://github.com/samyk/evercookie
Comments
Post a Comment