Manual:$wgPasswordAttemptThrottle/zh
| 用户权限、访问控制和监视: $wgPasswordAttemptThrottle | |
|---|---|
| Limit password attempts per IP per address. |
|
| 引进版本: | 1.14.0 (r38886)(git #6fcfa981) |
| 移除版本: | 仍在使用 |
| 允许的值: | (array) |
| 默认值: | 参见下方 |
| 其他设置: 按首字母排序 | 按功能排序 | |
细节
Limit password attempts to count attempts per seconds per IP per username.
$wgMainCacheType must be set to something other than CACHE_NONE for this setting to work.
When the throttle is hit, the AuthenticationAttemptThrottled hook gets called.
To disable, put the following in LocalSettings.php:
$wgPasswordAttemptThrottle = [];
| MediaWiki版本: | ≥ 1.27 |
Multiple thresholds can be added. They will all be tested separately.
Default value
| MediaWiki版本: | ≥ 1.27 |
$wgPasswordAttemptThrottle = [
// Short term limit.
[ 'count' => 5, 'seconds' => 300 ],
// Long term limit.
// We need to balance the risk of somebody using this as a DoS attack to lock someone out of their account, and someone doing a brute force attack.
[ 'count' => 150, 'seconds' => 60 * 60 * 48 ],
];
| MediaWiki版本: | 1.14 – 1.26 |
/**
* Limit password attempts to X attempts per Y seconds per IP per account.
*
* @warning Requires memcached.
*/
$wgPasswordAttemptThrottle = array( 'count' => 5, 'seconds' => 300 );