Page 1 of 1

Appery DB Login from App - disable after X failures for Y time

Posted: Fri May 29, 2020 12:52 pm
by Andy Parker

Hi,

As one of my apps is internet facing I'm wanting to disable logins to accounts if they get the password wrong for more than 3 times between successful logins.

I've written app logic, but that relies on local storage to get around someone reloading the site. The problem with local storage is that this can be cleared or reset.....

I don't want to write something to the user's DB table as this means I have to embed the master API key in the app, and that's a bad idea for public facing apps.

Is there a way around this that is secure?
If not, is there a way you can implement this into Appery DB?


Appery DB Login from App - disable after X failures for Y time

Posted: Fri May 29, 2020 8:28 pm
by Serhii Kulibaba

Hello Andy,

There are only two ways to do it:

  1. Do this check on the app side (using localStorage or local variable or a local file)

  2. Do this check on the Server-side (keep it in the database or any another remove storage)

    So you have to choose one of these solutions.

    All local values might be changed by 3rd person, so it is not secure. But it doesn't use additional requests to the server


Appery DB Login from App - disable after X failures for Y time

Posted: Fri May 29, 2020 9:40 pm
by Andy Parker

Thanks Serhii,

I'd completely forgotten about server side checks. Perfect.

Thanks again, that's answered that one.

Kind regards

Andy