Jump to content

Manual:$wgPasswordAttemptThrottle

From mediawiki.org
This page is a translated version of the page Manual:$wgPasswordAttemptThrottle and the translation is 58% complete.
Outdated translations are marked like this.
User rights, access control and monitoring: $wgPasswordAttemptThrottle
Ограничивает количество попыток ввода пароля данного участника с данного IP-адреса.
Введено в версии:1.14.0 (r38886)(git #6fcfa981)
Удалено в версии:всё ещё используется
Допустимые значения:(массив)
Значение по умолчанию:see below

Подробности

Ограничивает попытки ввода пароля данного участника с данного IP-адреса до count попыток за seconds секунд.

$wgMainCacheType должно быть равно не CACHE_NONE, чтобы эта опция работала.

Чтобы отключить, разместите следующий код в LocalSettings.php:

$wgPasswordAttemptThrottle = false;
Версия MediaWiki:
1.27

Multiple thresholds can be added. They will all be tested separately.

Default value

Версия MediaWiki:
1.27
/**
 * Limit password attempts to X attempts per Y seconds per IP per account.
 *
 * Value is an array of arrays. Each sub-array must have a key for count
 * (ie count of how many attempts before throttle) and a key for seconds.
 * If the key 'allIPs' (case sensitive) is present, then the limit is
 * just per account instead of per IP per account.
 *
 * @since 1.27 allIps support and multiple limits added in 1.27. Prior
 *   to 1.27 this only supported having a single throttle.
 * @warning Requires $wgMainCacheType to be enabled
 */
$wgPasswordAttemptThrottle = [
	// Short term limit
	[ 'count' => 5, 'seconds' => 300 ],
	// Long term limit. We need to balance the risk
	// of somebody using this as a DoS attack to lock someone
	// out of their account, and someone doing a brute force attack.
	[ 'count' => 150, 'seconds' => 60 * 60 * 48 ],
];
Версии MediaWiki:
1.14 – 1.26
/**
 * Limit password attempts to X attempts per Y seconds per IP per account.
 *
 * @warning Requires memcached.
 */
$wgPasswordAttemptThrottle = array( 'count' => 5, 'seconds' => 300 );

См. также