...
```javascript
function loginUser(user, password) {
    // Reject empty or missing credentials before doing any lookup
    if (!(user && password)) {
        application.output('Unexpected credentials received', LOGGINGLEVEL.DEBUG);
        return false;
    }
    var authenticated = ... // either query the database or use LDAP
    if (authenticated) {
        var ok = security.login(user, user, ['group']); // Assume a group for each department
        application.output('User ' + user + ' authenticated: ' + ok, LOGGINGLEVEL.DEBUG);
        return ok;
    }
    application.output('User ' + user + ' could not be authenticated', LOGGINGLEVEL.DEBUG);
    // Sleep for 3 seconds to discourage brute force attacks
    application.sleep(3000);
    return false;
}
```
When authentication fails, adding a pause can be useful to discourage brute force password attacks.
Note that you can either query the database or use an external authentication service. You may also read a user groups table to build the array of groups in which the user has privileges. Also note that the only thing returned is true or false; errors are not reported to the user at the authenticator level.
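One way to combine the group lookup with the failure pause, as an added example that is not part of the original page or Servoy's own code: it goes beyond the fixed 3-second pause by doubling the delay per consecutive failure for the same user. The `deps` functions (`verify`, `groupsFor`, `login`, `sleep`), the doubling rule, the 30-second cap and the deny-when-no-groups rule are all assumptions made for illustration.

```javascript
// Added example: plain JavaScript, runnable outside Servoy. Every name in
// `deps` is a hypothetical stand-in, not a Servoy API.
var BASE_DELAY_MS = 3000;  // the 3-second pause used on the page
var MAX_DELAY_MS = 30000;  // assumed cap so one request never stalls longer

function createAuthenticator(deps) {
    // Map, not a plain object: user names like "constructor" must not
    // collide with inherited properties.
    var failures = new Map(); // normalized user -> consecutive failures

    return function loginUser(user, password) {
        if (!(user && password)) {
            return false;
        }
        var key = String(user).toLowerCase();
        // Groups are read only after the credentials check out.
        var groups = deps.verify(user, password) ? deps.groupsFor(user) : [];
        // Assumption: a user with no group rows is denied.
        if (groups.length > 0 && deps.login(user, user, groups)) {
            failures.delete(key);
            return true;
        }
        // Unknown user, wrong password and missing groups share this path,
        // so the caller only ever learns "false".
        var count = (failures.get(key) || 0) + 1;
        failures.set(key, count); // production code should expire old entries
        deps.sleep(Math.min(BASE_DELAY_MS * Math.pow(2, count - 1), MAX_DELAY_MS));
        return false;
    };
}

// Constructed sample data: one user, one group row, a sleep that records.
function demo() {
    var slept = [];
    var auth = createAuthenticator({
        verify: function (u, p) { return u === 'alice' && p === 'correct-horse'; },
        groupsFor: function (u) { return u === 'alice' ? ['sales'] : []; },
        login: function (name, uid, groups) { return groups.length > 0; },
        sleep: function (ms) { slept.push(ms); }
    });
    var results = [auth('alice', 'bad'), auth('Alice', 'bad'),
                   auth('alice', 'correct-horse'), auth('alice', 'bad')];
    return { results: results, slept: slept };
}
```

Only the failing request is delayed, so a user who supplies the correct password is never held up by someone else's failed guesses.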
...