Apache-LoggedAuthDBI
the value. For example, being told the name of the database 'sequence'
object that holds the value. Any such hints are passed as driver-specific
attributes in the \%attr parameter.
B<*> If the underlying database offers nothing better, then some
drivers may attempt to implement this method by executing
"C<select max($field) from $table>". Drivers using any approach
like this should issue a warning if C<AutoCommit> is true because
it is generally unsafe - another process may have modified the table
between your insert and the select. For situations where you know
it is safe, such as when you have locked the table, you can silence
the warning by passing C<Warn> => 0 in \%attr.
B<*> If no insert has been performed yet, or the last insert failed,
then the value is implementation defined.
Given all the caveats above, it's clear that this method must be
used with care.
The C<last_insert_id> method was added in DBI 1.38.
LoggedAuthDBI.pm
    my $brute_username = &get_count($select, $dbh);

    # Prevent password sharing: has the same username accessed from X different IPs in Y minutes?
    # The username is supplied by the client, so it is escaped with $dbh->quote before interpolation.
    $select = "SELECT DISTINCT(".$Attr->{ip_field}.") FROM ".$Attr->{table}
            . " WHERE ".$Attr->{un_field}."=".$dbh->quote($username)
            . " AND ".$Attr->{time_field}." > (DATE_SUB(NOW(), INTERVAL '$minutes_pw_shared' MINUTE))";
    my $password_shared = &get_count($select, $dbh);

    # Take action: if a detected violation exceeds the tolerance level, send the user to an error page
    if ($declined >= $times_declined) {
        $r->filename($errdocpath . 'blocked.html');
        $return_value = 'OK';
    } elsif ($brute_ip >= $times_brute_ip || $brute_username >= $times_brute_username) {
        $r->filename($errdocpath . 'brute_force.html');
        $return_value = 'OK';
    } elsif ($password_shared >= $times_pw_shared) {
        $r->filename($errdocpath . 'pass_sharing.html');
        $auth = 'PASS_SHARED';
        $return_value = 'OK';
    # no brute force / password sharing: pass off to the main DBI authorization thingy...
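Added example, not part of Apache::LoggedAuthDBI: the password-sharing check from the excerpt above, with the username passed as a bound placeholder and the configured table and column names validated before they are interpolated. It assumes DBD::SQLite is installed as a stand-in for the MySQL log table; the table name auth_log, its columns, the sample rows, the threshold value and the distinct_ips helper are constructed for illustration.

```perl
use strict;
use warnings;
use DBI;

# Added example, not code from Apache::LoggedAuthDBI.
# Assumption: DBD::SQLite stands in for the module's MySQL log table, so the
# time window is computed in Perl as epoch seconds instead of DATE_SUB(NOW(), ...).
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
                       { RaiseError => 1, AutoCommit => 1 });
$dbh->do('CREATE TABLE auth_log (username TEXT, ip TEXT, status TEXT, ts INTEGER)');

# Constructed sample rows: "alice" logs in from three addresses within minutes,
# and one row carries a username containing a quote character.
my $now = time;
my $ins = $dbh->prepare('INSERT INTO auth_log VALUES (?, ?, ?, ?)');
$ins->execute(@$_) for (
    [ 'alice',   '192.0.2.10',   'OK', $now - 60   ],
    [ 'alice',   '198.51.100.7', 'OK', $now - 120  ],
    [ 'alice',   '203.0.113.5',  'OK', $now - 200  ],
    [ 'alice',   '192.0.2.10',   'OK', $now - 7200 ],   # outside the window
    [ "o'brien", '192.0.2.44',   'OK', $now - 30   ],
);

# Count distinct client addresses seen for one username inside the window.
# Table and column names cannot be bound, so they are checked against a
# strict identifier pattern; every value goes through a placeholder.
sub distinct_ips {
    my ($dbh, $attr, $username, $minutes) = @_;
    for my $name (@{$attr}{qw(table ip_field un_field time_field)}) {
        die "bad identifier: $name\n" unless $name =~ /\A[A-Za-z_][A-Za-z0-9_]*\z/;
    }
    my $sql = "SELECT COUNT(DISTINCT $attr->{ip_field}) FROM $attr->{table} "
            . "WHERE $attr->{un_field} = ? AND $attr->{time_field} > ?";
    my ($count) = $dbh->selectrow_array($sql, undef, $username, time - 60 * $minutes);
    return $count;
}

my $attr = { table => 'auth_log', ip_field => 'ip',
             un_field => 'username', time_field => 'ts' };
my $times_pw_shared = 3;    # constructed threshold

for my $user ('alice', "o'brien", "x' OR '1'='1") {
    my $n = distinct_ips($dbh, $attr, $user, 10);
    printf "%-14s distinct IPs=%d -> %s\n", $user, $n,
        $n >= $times_pw_shared ? 'pass_sharing.html' : 'continue to authentication';
}
```

The third username is treated as a literal string by the placeholder, so it matches no rows instead of altering the query.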
LoggedAuthDBI.pm
PerlModule Apache::LoggedAuthDBI
Also, copy the following HTML files to the document root of Apache. They are needed
because this module redirects to these resources when it detects a violation. Using
your own pages is perfectly okay as long as you either keep the file names or edit the
file names in the module.
=over 4
=item *
blocked.html
=item *
brute_force.html
=item *
pass_sharing.html
=back
=head1 PREREQUISITES
AuthDBI.pm
blocked.html
brute_force.html
Changes
DBI.pm
LoggedAuthDBI.pm
Makefile.PL
MANIFEST
MD5.pm
pass_sharing.html
README
SHA1.pm
blocked.html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD>
<TITLE> Blocked </TITLE>
</HEAD>
<BODY>
Requests from your IP address have been banned for the time being due to repeated failed authentication attempts.
</BODY>
</HTML>
brute_force.html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD>
<TITLE> Blocked </TITLE>
</HEAD>
<BODY>
Requests from your IP address have been banned for the time being due to detected brute-force attempts.
</BODY>
</HTML>
pass_sharing.html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD>
<TITLE> Blocked </TITLE>
</HEAD>
<BODY>
Requests involving this user name have been blocked due to password sharing.
</BODY>
</HTML>