TODO
Authentication security projects for a later date
- Track ‘failed logins this hour’ and demand a captcha after, say, 5 failed logins
(RECAPTCHA plugin),
in which case we’d better recommend “De-proxy-ficating IP address”: http://wiki.codemongers.com/NginxHttpRealIpModule
- Make cookie spoofing a little harder: we set the user’s cookie to
(remember_token), but store digest(remember_token, request_IP). A CSRF cookie
spoofer then has to at least also spoof the user’s originating IP
(see Secure Programs HOWTO)
- Log the HTTP request on authentication / authorization failures (see here)
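
A sketch of the remember_token item above, as an added example that is not code from this project: the cookie carries the raw token, the server stores only digest(remember_token, request_IP), and a presented cookie is accepted only from the address it was issued to. The `RememberStore` class, its method names, the SHA-256 choice and the sample IP addresses are assumptions made for illustration.

```ruby
require 'digest'
require 'securerandom'

# Hypothetical in-memory stand-in for the users table (user_id => stored digest).
class RememberStore
  def initialize
    @digests = {}
  end

  # Returns the token to set as the cookie; only the IP-bound digest is kept.
  def issue(user_id, request_ip)
    token = SecureRandom.hex(32)
    @digests[user_id] = bind(token, request_ip)
    token
  end

  # True only when the cookie token arrives from the IP it was issued to.
  def valid?(user_id, cookie_token, request_ip)
    stored = @digests[user_id]
    return false if stored.nil? || cookie_token.nil?
    secure_compare(stored, bind(cookie_token, request_ip))
  end

  private

  # Length-prefix the token so two different (token, ip) pairs can never
  # produce the same input string by concatenation.
  def bind(token, ip)
    Digest::SHA256.hexdigest("#{token.bytesize}:#{token}|#{ip}")
  end

  # Constant-time comparison, so timing does not reveal how many leading
  # characters of the digest matched.
  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end
end

# Constructed sample data: documentation-range addresses, not real clients.
store = RememberStore.new
cookie = store.issue(1, '203.0.113.7')
puts "same IP:  #{store.valid?(1, cookie, '203.0.113.7')}"
puts "other IP: #{store.valid?(1, cookie, '198.51.100.9')}"
```

Behind a reverse proxy, `request_ip` must be the de-proxied client address (the first TODO item), otherwise every user is bound to the proxy's IP and the check adds nothing. A user whose address changes legitimately fails the check and has to log in again.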







