Worklight - Invalid Login Attempts
https://stackoverflow.com//questions/20006471
-
20-12-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I have been presented with a question by our IT Security department. They would like to know if there is a feature in place to disable logins after so many invalid login attempts. So my questions is: Is there a configuration in the Worklight Authentication Realms or Login Modules to disable login after so many invalid attempts to login with the wrong credentials. Or is this something that will need to be programmed? We have two different Login Modules: LDAP Login Module and Database Login Module. We are using Worklight 5.0.6 Consumer Edition on a Liberty Server.
Solution
This is not a feature that is built-into Worklight.
I believe that since you are required to implement the logic of your authentication process, whether you use form-based or adapter-based or custom-based authentication... If you'd like to add such a mechanism, you will need to implement it yourself as well.
For example, count how many times a login was attempted and if it was done more than X times, save the username that was used in a JSONStore or alike and check if any stored usernames are being used in future login attempts.
