PHP download

Download the PHP package gburtini/bfd without Composer

On this page you can find all versions of the php package gburtini/bfd. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

Table of contents
Download gburtini/bfd
More information about gburtini/bfd
Files in gburtini/bfd

Vendor gburtini
Package bfd
Short Description Brute force defense: rate limiting tools.
License GPL
Homepage http://github.com/gburtini/PHP-Brute-Force-Defense

Keywords login throttle throttling rate limiting rate limit limit brute force

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:

If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.

Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
To use Composer is sometimes complicated. Especially for beginners.
Composer needs much resources. Sometimes they are not available on a simple webspace.
If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.

Please rate this library. Is it a good library?

Informations about the package bfd

PHP Brute Force Defense Tools

This hasn't been maintained in years. Use at your own risk and only with the expertise to build it yourself.

A lightweight framework for mitigating brute force attacks in an online architecture.

Right now, there is only one tool, a session-based rate limiter. It is very general and powerful, but there's a lot of work to do here.

Installation

Installation is available via composer.

composer require gburtini/bfd

Usage

SessionThrottle

__construct(string $name, int $safe, int $upper, float $rate, boolean sleep)
fail(), succeed() - used to report the outcome of the action being protected, a fail increments the counter and a succeed resets it. (aliased as increment() and reset() if success/fail don't make sense for your use case)
test() - returns true or false to indicate whether you should allow the requested call to take place.

Constructing a SessionThrottle means setting the parameters.

$name - a token for the element, function or method that this SessionThrottle instance is protecting
$safe - the number of failures a user gets "free" before they start to get rate limited, you can safely set this quite high for most login related applications.
$upper - the highest power of $rate to be used. Out of the box, this is 20 (with rate 1.3) meaning the highest timeout is 1.3^20 = 190 seconds.
$rate - the base of the exponent used to calculate the time limit. By default, 1.3. Too large, and the throttler is too aggressive. Too small, and it won't be aggressive enough.
$sleep - true/false for whether ->test() should ATTEMPT to always return true (by simply sleeping until the timelimit has passed). Even if sleep is true, the sleep may get interrupted and thus return false. Merely sleeping will not prevent multiple requests for most use-cases. You must check it the return value of test.

Example use: ` Future Work

The intent is to collect a whole set of tools for mitigating brute force attacks here. The SessionThrottle tool is just a start:

Efficient IP-based blocking and throttling.
Data-level blocking (non-session based limits on access to particular data)
Global shutdown tools for mitigiating large-scale brute-force attacks.
Device-cookie tools

License

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/.

All versions of bfd with dependencies

PHP Build Version

Package Version

Version 0.0.6 Release 26. Dec 2015
create-project require 0 people choosed require and
0 people choosed create-project.

Download

Download latest version of bfd from vendor gburtini

Requires php Version >=5.4.0

Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package gburtini/bfd contains the following files

Loading the files please wait ....