Appery DB Login from App - disable after X failures for Y time

This forum contains topics that were moved from Get Satisfaction
Andy Parker
Posts: 0
Joined: Wed Mar 27, 2013 10:21 am

Appery DB Login from App - disable after X failures for Y time

Post by Andy Parker »

Hi,

As one of my apps is internet facing I'm wanting to disable logins to accounts if they get the password wrong for more than 3 times between successful logins.

I've written app logic, but that relies on local storage to get around someone reloading the site. The problem with local storage is that this can be cleared or reset.....

I don't want to write something to the user's DB table as this means I have to embed the master API key in the app, and that's a bad idea for public facing apps.

Is there a way around this that is secure?
If not, is there a way you can implement this into Appery DB?

Serhii Kulibaba
Posts: 136
Joined: Tue Aug 27, 2013 1:47 pm

Appery DB Login from App - disable after X failures for Y time

Post by Serhii Kulibaba »

Hello Andy,

There are only two ways to do it:

1. Do this check on the app side (using localStorage or local variable or a local file)

2. Do this check on the Server-side (keep it in the database or any another remove storage)

So you have to choose one of these solutions.

All local values might be changed by 3rd person, so it is not secure. But it doesn't use additional requests to the server

Andy Parker
Posts: 0
Joined: Wed Mar 27, 2013 10:21 am

Appery DB Login from App - disable after X failures for Y time

Post by Andy Parker »

Thanks Serhii,

I'd completely forgotten about server side checks. Perfect.

Thanks again, that's answered that one.

Kind regards

Andy

Post Reply