Block a user for M minutes, if there are N successive failed login attempts. I propose we keep M = 15 and N = 3.
Motivation & Benefits
This is useful from a security point of view. This will make dgraph resilient to brute-force password attacks. This feature has been requested by multiple clients including Phillips.
I have 2 ideas for this task.
Idea 1 :
- We can store 2 more predicates in the user type, <dgraph.failed_login_counter> int . and <dgraph.failed_login_timestamp> datetime . On every login request, we will check if <dgraph.failed_login_counter> is < N(=3). If it is less, it means the user is not blocked and we go ahead with authentication. Otherwise we check if M(=15) minutes have passed since <dgraph.failed_login_timestamp>. If the request is past M minutes, we set <dgraph.failed_login_counter> to 0 and proceed with the authentication. Otherwise the authentication request is rejected.
- Every time a login is successful, we set the counter to 0. On an unsuccessful login attempt, we increase the counter and check if it is greater than N(=3). If the counter exceeds N, we store the timestamp of the login request.
Idea 2 :
- We store the counter and timestamp in memory, and follow the same logic as above.
- Idea 1 can potentially slow down dgraph as we will have to do a query at every login attempt, whereas this is not the case with Idea 2.
- Idea 2 has a loophole in it. All the alphas will have a different value of the counter. If the cluster size is significant, one can keep routing the request to different alphas to bypass the blocking mechanism.
I feel Idea 1 is the idiomatic way to do this task.
We need to write tests for unsuccessful login attempts.
Both the ideas will be compatible with existing systems.
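
The following Go sketch is an added example, not part of the original post and not Dgraph's code. It implements the Idea 1 counter/timestamp rules and then measures how many wrong passwords are actually verified when the state is shared (Idea 1) versus kept separately on each alpha (Idea 2). The names `loginState`, `attempt` and `guessesChecked` are hypothetical, the timestamps are constructed, and it assumes the block starts once the counter reaches N, matching the "< N" check at login.

```go
package main

import (
	"fmt"
	"time"
)

const maxFailures = 3                // N in the proposal
const blockWindow = 15 * time.Minute // M in the proposal

// loginState mirrors the two proposed predicates (hypothetical Go struct).
type loginState struct {
	counter   int       // dgraph.failed_login_counter
	timestamp time.Time // dgraph.failed_login_timestamp
}

// attempt applies Idea 1 to one login request. checked reports whether the
// password was verified at all; a blocked request never reaches verification.
func attempt(s *loginState, passwordOK bool, now time.Time) (checked, loggedIn bool) {
	if s.counter >= maxFailures { // assumption: blocked once counter reaches N
		if now.Sub(s.timestamp) < blockWindow {
			return false, false
		}
		s.counter = 0 // M minutes have passed
	}
	if passwordOK {
		s.counter = 0
		return true, true
	}
	if s.counter++; s.counter >= maxFailures {
		s.timestamp = now
	}
	return true, false
}

// guessesChecked counts verified wrong passwords, one try per second, round-robin over `stores` counters.
func guessesChecked(stores, tries int) int {
	states, n := make([]loginState, stores), 0
	for i := 0; i < tries; i++ {
		if checked, _ := attempt(&states[i%stores], false, time.Unix(int64(i), 0)); checked {
			n++
		}
	}
	return n
}

func main() {
	fmt.Println(guessesChecked(1, 30), guessesChecked(6, 30)) // 3 18
}
```

With one shared counter only N guesses are verified per window; with six independent counters the same 30 requests get 18 guesses verified, which is the loophole described for Idea 2.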