Barracuda Application Server C/C++ Reference
LoginTracker Struct Reference

Detailed Description

The LoginTracker class is an optional security enhancement that can be installed in an instance of one of the authenticator classes.

A hacker may write an automated password cracker tool to exploit weak passwords. This is often referred to as a Dictionary attack.

The purpose with the LoginTracker is to make it virtually impossible to perform dictionary attacks on the Barracuda authenticator classes. The LoginTracker keeps track of IP addresses that failed to supply the correct user and/or password. The LoginTracker keeps a cache of LoginTrackerNode instances where each LoginTrackerNode stores information such as IP address and time of login attempt.

You can download and try the FuguHub demo for a practical example of using the LoginTracker. Enter an invalid user/password when logging into the FuguHub Web Server and observe the response message.

#include <AuthenticatedUser.h>

Public Member Functions

 LoginTracker (U32 noOfLoginTrackerNodes, LoginTrackerIntf *intf, AllocatorIntf *allocator=AllocatorIntf::getDefault())
 Create a LoginTracker instance. More...
void clearCache ()
 Clear the LoginTrackerNode cache.
LoginTrackerNodegetFirstNode ()
 Return first LoginTrackerNode in the cache or NULL if cache empty.
LoginTrackerNodegetNextNode (LoginTrackerNode *n)
 Return the next LoginTrackerNode in the cache or NULL if no more nodes.
LoginTrackerNodefind (HttpRequest *request)
 Find LoginTrackerNode in cache by using the IP address from the request object. More...