tags:

views:

44

answers:

3
+1  Q: 

Increase number of login attempts per user or per role in Drupal

Is it possible to increase number of login attempts before blocking an account for a certain user or role in Drupal? (not for all users) Or even never block a certain user regardless of number of login failures?

Thanks.

+1  A: 

Does Drupal 6 lockout accounts after a certain number of failures? Everything I'm reading indicates that this is a Drupal 7 feature. Anyway...

It looks the Login Security module would allow you to customize how users get blocked. You may check out the temporarily blocked feature.

Enabling this module, a site administrator may limit the number of invalid login attempts before blocking accounts, or denying access by IP address, temporarily or permanently. A set of notifications may help the site administrator to know when something is happening with the login form of their site: password and account guessing, bruteforce login attempts or just unexpected behaviour with the login operation.

Greg  2010-10-21 15:21:20
Thank you for your answer. However Login Security module allows to configure number of login failures for all users only. I need to increase this number for a certain user or role. Still looking for a solution.
Pol  2010-10-21 16:16:13
+1  A: 

If this is in Drupal 6 then you probably have a module performing the blocking of accounts, because this isn't in Drupal 6 core.

It is in Drupal 7 however.

If you are using Drupal 6, then you need to find out which module is doing the blocking.

If you are using Drupal 7 you can install the flood_control module to expose the variables around blocking. http://drupal.org/project/flood_control

Simon  2010-10-21 15:26:31
I use Drupal 6. Right now I'm checking out Login Security module which was suggested in a previous answer.
Pol  2010-10-21 16:08:40
For Drupal 6 Login Security module is responsible for blocking. It is quite useful, I want to keep it, but not flexible enough (allows to configure number of login failures for all users only).
Pol  2010-10-21 16:18:24
A: 

There is always an option to hardcode a user id or role id inside of login_security.module There is a function login_user_block_user_name($variables) in login_security.module responsible for blocking users. Adding a condition if($variables['uid']!=user_id_not_to_block) or something like that can work. However hardcoding isn't the best solution.

Pol  2010-10-21 16:34:30

related questions

Encryption in C# Web-Services
How Do You Secure database.yml?
ASP.NET LocationProvider
What do you (or your company) use for wiping a machine?
Can a proxy server cache SSL GETs? If not, would response body encryption suffice?
Java: What is the best way to SFTP a file from a server
How do I call a Flex SWF from a remote domain using Flash (AS3) ?
Best way to store a database password in a startup script / config file?
Using VM to get around VPN restrictions
Best references for secure coding practices in ASP.NET and classic ASP.
Secure Memory Allocator in C++
Resolving Session Fixation in JBoss
Best Practices for securing a REST API / web service
Defensive programming
Personal Linux web server
Block user access to internals of a site using HTTP_REFERER
Is there an Unobtrusive Captcha for web forms?
My website got hacked... What should I do?
What all do I need to escape when sending a (My)SQL query?
How do you disable browser Autocomplete on web form field / input tag?
Best .NET obfuscation tools/strategy
Are there best practices for testing security in an Agile development shop?
What is the best way to avoid SQL injection attacks?
Found a critical bug, but the company doesn't care
PHP Session Security