Sha256: 21e95502d3d7817f7b4140f1e38692461682436827be670314cf264dae8bcda0
Size: 756 Bytes
Contents
h3. Authentication security projects for a later date

* Track 'failed logins this hour' per client and demand a captcha after, say, 5 failed logins ("reCAPTCHA plugin":http://agilewebdevelopment.com/plugins/recaptcha). "De-proxy-ficate the IP address":http://wiki.codemongers.com/NginxHttpRealIpModule first, so the count is keyed on the real client rather than on our reverse proxy, and only honour X-Forwarded-For from our own proxies (set_real_ip_from); otherwise an attacker resets their own count by forging the header.
* Make cookie spoofing a little harder: we set the user's cookie to remember_token, but store digest(remember_token, request_IP) server-side. Whoever steals or replays the cookie then also has to appear to come from the user's originating IP (see "Secure Programs HOWTO":http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/web-authentication.html). Trade-off: users whose address changes mid-session (mobile, NAT pools) get logged out.
* Log the full HTTP request (minus the submitted password) on authentication / authorization failures: http://palisade.plynt.com/issues/2004Jul/safe-auth-practices
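The three items above, worked through as one added Ruby example. This is illustrative code written for this note, not code from the plugin or the project, and it assumes a few things the note does not state: the app sits behind reverse proxies in 10.0.0.0/8 (or on localhost), a server-side secret named REMEMBER_SECRET is available for the token digest, and requests arrive as Rack-style env hashes. The sample env and addresses in the demo are constructed.

```ruby
require 'openssl'
require 'securerandom'
require 'ipaddr'

# --- 1. "De-proxy-ficate" the client address --------------------------------
# Assumption: our reverse proxies live in 10.0.0.0/8 or on localhost. Only
# their X-Forwarded-For is trusted; any other peer could have written the
# header itself to dodge the failed-login counter.
TRUSTED_PROXIES = [IPAddr.new('10.0.0.0/8'), IPAddr.new('127.0.0.1')].freeze

def trusted_proxy?(ip)
  addr = IPAddr.new(ip)
  TRUSTED_PROXIES.any? { |net| net.include?(addr) }
rescue IPAddr::InvalidAddressError, ArgumentError
  false
end

# Walk X-Forwarded-For right to left (nearest hop first), skipping our own
# proxies; the first address we did not append is the client. Falls back to
# the TCP peer when the header is absent, malformed, or not set by a trusted proxy.
def client_ip(remote_addr, xff)
  return remote_addr unless trusted_proxy?(remote_addr)
  hops = xff.to_s.split(',').map(&:strip).reject(&:empty?)
  hops.reverse_each do |hop|
    begin
      IPAddr.new(hop)
    rescue IPAddr::InvalidAddressError, ArgumentError
      next # garbage in the header never becomes a throttle key
    end
    return hop unless trusted_proxy?(hop)
  end
  remote_addr
end

# --- 2. Failed logins this hour -> captcha ----------------------------------
CAPTCHA_AFTER  = 5     # failures before we demand a captcha
FAILURE_WINDOW = 3600  # seconds ("this hour")

class LoginThrottle
  # The clock is injectable so expiry can be exercised without sleeping.
  def initialize(clock: -> { Time.now.to_i })
    @clock = clock
    @failures = Hash.new { |h, k| h[k] = [] } # client ip => failure timestamps
  end

  def record_failure(ip)
    @failures[ip] << @clock.call
    failures_this_hour(ip)
  end

  def failures_this_hour(ip)
    cutoff = @clock.call - FAILURE_WINDOW
    @failures[ip].delete_if { |t| t <= cutoff }
    @failures[ip].size
  end

  def captcha_required?(ip)
    failures_this_hour(ip) >= CAPTCHA_AFTER
  end
end

# --- 3. Remember-me cookie bound to the originating IP ----------------------
# Assumption: REMEMBER_SECRET comes from server-side config in a real app.
REMEMBER_SECRET = 'replace-with-a-long-random-secret'.freeze

# The cookie carries the raw token; the database keeps only this digest, so a
# leaked column cannot be replayed and a stolen cookie only works from the IP
# it was issued to.
def remember_digest(token, ip)
  OpenSSL::HMAC.hexdigest('SHA256', REMEMBER_SECRET, "#{token}|#{ip}")
end

def issue_remember_token(ip)
  token = SecureRandom.hex(20)
  [token, remember_digest(token, ip)] # [cookie value, value to persist]
end

# Constant-time compare so the digest cannot be guessed byte by byte via timing.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

def remember_cookie_valid?(stored_digest, cookie_token, ip)
  return false if stored_digest.nil? || cookie_token.nil?
  secure_equal?(stored_digest, remember_digest(cookie_token, ip))
end

# --- 4. Log the request on an auth failure ----------------------------------
# Rack-style env; the submitted password is deliberately never part of the line.
def auth_failure_log_line(env, login, reason)
  ip = client_ip(env['REMOTE_ADDR'], env['HTTP_X_FORWARDED_FOR'])
  format('auth_failure reason=%s login=%p ip=%s method=%s path=%s ua=%p',
         reason, login.to_s, ip, env['REQUEST_METHOD'], env['PATH_INFO'],
         env['HTTP_USER_AGENT'].to_s)
end

if $PROGRAM_NAME == __FILE__
  env = { 'REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => '203.0.113.7, 10.0.0.9',
          'REQUEST_METHOD' => 'POST', 'PATH_INFO' => '/session', 'HTTP_USER_AGENT' => 'curl/7' }
  throttle = LoginThrottle.new
  ip = client_ip(env['REMOTE_ADDR'], env['HTTP_X_FORWARDED_FOR'])
  5.times { throttle.record_failure(ip) }
  puts auth_failure_log_line(env, 'bob', 'bad_password')
  puts "captcha required for #{ip}: #{throttle.captcha_required?(ip)}"
end
```

The failure store is an in-memory hash here; behind several app servers it would need to live somewhere shared (the database or memcached) or each server throttles independently and the effective threshold multiplies.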