Comments on: Adding Some Additional Security Measures to restful_authentication http://danengle.us/2009/03/adding-some-additional-security-measures-to-restful_authentication/ Dan Engle's Rails and Web Development Blog Wed, 25 Aug 2010 21:08:37 +0000 hourly 1 http://wordpress.org/?v=3.0.1 By: garage roller doors http://danengle.us/2009/03/adding-some-additional-security-measures-to-restful_authentication/comment-page-1/#comment-420 garage roller doors Fri, 25 Jun 2010 12:56:52 +0000 http://danengle.us/?p=68#comment-420 thanks for this it was an interesting read. thanks for this it was an interesting read.

]]> By: Dan http://danengle.us/2009/03/adding-some-additional-security-measures-to-restful_authentication/comment-page-1/#comment-403 Dan Tue, 04 Aug 2009 21:13:35 +0000 http://danengle.us/?p=68#comment-403 I thought about keeping the full login history, but I ultimately decided against it because keeping track of all of them could cause the database to grow fairly large and then you'd probably need a cron job of sorts to remove records that are x days or so old, so this was just a simpler solution. by_attempt_window is a named_scope of the LoginAttempt model, so you'll want to place it in there. Thanks for the comment! I thought about keeping the full login history, but I ultimately decided against it because keeping track of all of them could cause the database to grow fairly large and then you’d probably need a cron job of sorts to remove records that are x days or so old, so this was just a simpler solution.

by_attempt_window is a named_scope of the LoginAttempt model, so you’ll want to place it in there.

Thanks for the comment!

]]> By: Phil Rosenstein http://danengle.us/2009/03/adding-some-additional-security-measures-to-restful_authentication/comment-page-1/#comment-402 Phil Rosenstein Thu, 30 Jul 2009 03:40:43 +0000 http://danengle.us/?p=68#comment-402 I'm making similar additions to restful_authentication (without aasm) but I'm planning to have LoginAttempt keep a full login history instead of just the most recent failed attempts. I'm somewhat of a rails noob and so I'm wondering where "by_attempt_window" comes from? I tried adding the following to my user model: named_scope :by_attempt_window, lambda { |time_ago| { :conditions => ['created_at > ?', time_ago] } } but I still get undefined method `by_attempt_window'. This is a good project, I agree that restful_authentication needs this. I’m making similar additions to restful_authentication (without aasm) but I’m planning to have LoginAttempt keep a full login history instead of just the most recent failed attempts.

I’m somewhat of a rails noob and so I’m wondering where “by_attempt_window” comes from? I tried adding the following to my user model:
named_scope :by_attempt_window, lambda { |time_ago| { :conditions => ['created_at > ?', time_ago] } }
but I still get undefined method `by_attempt_window’.

This is a good project, I agree that restful_authentication needs this.

]]>