We could use a 'three strikes and you're out' approach: a single false positive does
not punish a genuine user, but a visitor who keeps triggering the attack detection is
locked out. This way we reduce the chance of irritating genuine users while maintaining
a high level of security. One way of implementing this is to build a plugin, an event
handler class (extending JPlugin) registered with the application. Handling attacks in
this modular way lets us reuse the same plugin throughout our extensions; each extension
simply triggers the event when it detects an attack. The UML diagram shows one design we
could use.
_params is a temporary store for the plugin parameters (a JParameter object).
onAttackDetected() is the method that is executed when an attack is detected.
&_getParams() returns the plugin parameters, loading them into _params on first use.
_attackCount() returns the number of attacks detected so far, which is stored in the
session. _incrementAttacks() increments that number and returns the new count. When
the user exceeds the maximum number of detected attacks, _actionLogout() and
_actionBlock() are run, provided they are enabled in the plugin parameters.
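As an added example (not code from the book), here is how the design just described could be written as a Joomla 1.5 system plugin. The class name plgSystemAttackGuard, the plugin name attackguard, the parameter names max_attacks, action_logout and action_block, and the session namespace are assumptions made for this example; the book's own parameter definitions are not reproduced here.

```php
<?php
// Added example, not the book's code. Assumed names: plgSystemAttackGuard,
// plugins/system/attackguard.php, parameters max_attacks, action_logout,
// action_block. Joomla 1.5 API calls (JPlugin, JParameter, JSession,
// JApplication::logout, JUser::save) are used as they exist in that release.
defined('_JEXEC') or die('Restricted access');

jimport('joomla.plugin.plugin');

class plgSystemAttackGuard extends JPlugin
{
    /** @var JParameter temporary store for the plugin parameters */
    var $_params = null;

    /** Session namespace so our counter cannot collide with other data */
    var $_ns = 'plgSystemAttackGuard';

    /**
     * Event handler. An extension that detects an attack fires it with:
     *   JPluginHelper::importPlugin('system');
     *   $dispatcher =& JDispatcher::getInstance();
     *   $dispatcher->trigger('onAttackDetected', array('injection in id'));
     */
    function onAttackDetected($description = '')
    {
        $params =& $this->_getParams();
        $max    = (int) $params->get('max_attacks', 3); // three strikes by default
        $count  = $this->_incrementAttacks();

        if ($count < $max) {
            return true; // strike recorded, user is not out yet
        }

        if ($params->get('action_logout', 1)) {
            $this->_actionLogout();
        }
        if ($params->get('action_block', 0)) {
            $this->_actionBlock();
        }
        return false;
    }

    /** Lazily load the plugin parameters from the plugin record into _params */
    function &_getParams()
    {
        if ($this->_params === null) {
            $plugin =& JPluginHelper::getPlugin('system', 'attackguard');
            $this->_params = new JParameter($plugin->params);
        }
        return $this->_params;
    }

    /** Number of attacks detected so far in this session */
    function _attackCount()
    {
        $session =& JFactory::getSession();
        return (int) $session->get('attacks', 0, $this->_ns);
    }

    /** Record one more attack and return the new total */
    function _incrementAttacks()
    {
        $session =& JFactory::getSession();
        $count = $this->_attackCount() + 1;
        $session->set('attacks', $count, $this->_ns);
        return $count;
    }

    /** End the current session (a guest simply loses their session state) */
    function _actionLogout()
    {
        $app =& JFactory::getApplication();
        $app->logout();
    }

    /** Block the account so it cannot log in until an administrator unblocks it */
    function _actionBlock()
    {
        $user =& JFactory::getUser();
        if (!$user->guest) {
            $user->set('block', 1);
            $user->save(); // assumption: the user record is writable here
        }
    }
}
```

One caveat a practitioner should keep in mind: the counter lives in the session, so a visitor who discards the session cookie starts again at zero. The logout and block actions therefore only really bite against authenticated accounts; for anonymous attackers you would additionally need to record the strikes somewhere persistent (for example keyed by the request's IP address) or rely on logging and monitoring.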
Error Handling and Security
[ 334 ]
This is the definition of the parameters; this would be in the plugin XML file.