
file with a security word


albert

Sep 1, 2016, 5:28:30 AM
In a file I have a function.

When one accesses the file, there should initially be a text box where it is
necessary to insert a safety word (similar to a password, but it must be in
clear) to continue the code.


other
if one enters the wrong security code 5 times, lock all for an hour

Jerry Stuckle

Sep 1, 2016, 2:28:10 PM
Ok, what have you tried so far?

--
==================
Remove the "x" from my email address
Jerry Stuckle
jstu...@attglobal.net
==================

Gordon Burditt

Sep 5, 2016, 5:07:14 PM
> In a file I have a function.
>
> When one accesses the file, there should initially be a text box where it is
> necessary to insert a safety word (similar to a password, but it must be in
> clear) to continue the code.

Actually, I'm surprised it's not a text box into which you have to type
(or paste) an overly long and complicated copy of the terms of service,
complete with the requirement to turn over the first-born child,
character-for-character correct for each of 100KB characters.
>
> other
> if one enters the wrong security code 5 times, lock all for an hour

You will need to have users identify themselves securely before they get
to this page. You also need to avoid the problem of a user following
this logic:

X: Create a new account.
Log in to that account.
Enter the wrong security code.
Enter the wrong security code.
Enter the wrong security code.
Enter the wrong security code.
Enter the wrong security code.
Go to X.
and doing it with a bot so the whole loop executes in a few seconds.

Either prohibit user creation of new accounts, or require something
unique for each account (like an email address or phone number that
works (and you test before activating the account), different from
that of any other account), or introduce long delays between signing
up and the account becoming active.

I presume you DO NOT mean: if 5 different users (but since you
have no login system you don't know this) enter the wrong security
code in order, one in Texas, one in France, one in Australia, one
in Japan, and one in China, with no intervening entry of the correct
code by any other user, then you lock out *ALL* users in the entire
world from accessing the file for the next hour.

You have not specified details of the algorithm. One way might be:

On initially creating a user, set the error count to 0 and
lockout_until_time to the distant past. Or, depending on
what's in this file, set lockout_until_time to the date and
time of his 18th birthday.

Check that the user is correctly logged in each time this
page where you enter the security code is visited.

If it's earlier than lockout_until_time, regardless of the
count, ignore the security code and set lockout_until_time to
1 hour in the future and deny access, else

If the user enters a correct security code, set the error
count to 0 and allow access, else

If the user enters an incorrect security code, increment
the error code. If the resulting error count is >= 5, set
the lockout_until_time to 1 hour in the future, and deny
access. Be sure not to let the error count overflow to a
negative number or zero.

Thus, if a user entered an incorrect security code in 1776, 1876,
1976, and 2009, and does so again now, you lock him out until 1
hour in the future. If he subsequently tries to get in every 59
minutes, continue locking him out indefinitely regardless of what
security code he enters until he takes a break longer than an
hour. (Humans need to sleep; bots don't).

You need a way to keep track of each user, with a count of the
number of wrong codes and the time of the last one. This probably
goes into a database. *DO NOT* store things like the bad security
code count on the user's browser in a cookie so he can reset it by
clearing cookies.


After you have implemented a whole user-login system, checking the
security code should be easy, and I assume it's a homework assignment.
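
The per-user lockout procedure from the post above, as an added example that is not part of the original thread. Python with SQLite, the table layout, the function names and the sample values are assumptions chosen for illustration; the caller is assumed to have authenticated `username` already and passes the current time in as `now`.

```python
import hmac
import sqlite3

LOCKOUT_SECONDS = 3600  # one hour
MAX_ERRORS = 5
COUNT_CAP = 1000        # stop counting here so the value can never wrap

def open_store(path=":memory:"):
    """Server-side state: nothing about the count is kept in a cookie."""
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS attempts (username TEXT PRIMARY KEY, "
               "errors INTEGER NOT NULL, lockout_until REAL NOT NULL)")
    return db

def add_user(db, username):
    # New user: zero errors, lockout time in the distant past (epoch 0).
    db.execute("INSERT INTO attempts VALUES (?, 0, 0)", (username,))
    db.commit()

def check_code(db, username, submitted, expected, now):
    """Return True to allow access; `username` is assumed already logged in."""
    row = db.execute("SELECT errors, lockout_until FROM attempts "
                     "WHERE username = ?", (username,)).fetchone()
    if row is None:
        return False  # unknown user: deny
    errors, lockout_until = row
    allowed = False
    if now < lockout_until:
        # Locked out: ignore the code and restart the one-hour clock.
        lockout_until = now + LOCKOUT_SECONDS
    elif hmac.compare_digest(submitted.encode(), expected.encode()):
        errors, allowed = 0, True
    else:
        errors = min(errors + 1, COUNT_CAP)
        if errors >= MAX_ERRORS:
            lockout_until = now + LOCKOUT_SECONDS
    db.execute("UPDATE attempts SET errors = ?, lockout_until = ? "
               "WHERE username = ?", (errors, lockout_until, username))
    db.commit()
    return allowed

def demo():
    # Constructed scenario: five wrong codes, then the right code at
    # +3000 s and +6599 s (still locked, each try extends the lock) and
    # at +10200 s (lock lapsed, so it is accepted and the count resets).
    db = open_store()
    add_user(db, "alice")
    t = 1_000_000.0
    wrong = [check_code(db, "alice", "guess", "s3cret", t + i) for i in range(5)]
    right = [check_code(db, "alice", "s3cret", "s3cret", t + s)
             for s in (3000, 6599, 10200)]
    return wrong, right
```
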

Jerry Stuckle

Sep 5, 2016, 6:10:42 PM
On 9/5/2016 5:07 PM, Gordon Burditt wrote:
>> In a file I have a function.
>>
>> When one accesses the file, there should initially be a text box where it is
>> necessary to insert a safety word (similar to a password, but it must be in
>> clear) to continue the code.
>
> Actually, I'm surprised it's not a text box into which you have to type
> (or paste) an overly long and complicated copy of the terms of service,
> complete with the requirement to turn over the first-born child,
> character-for-character correct for each of 100KB characters.
>>
<snip>

Gordon, I suspect this is a homework problem...

Gordon Burditt

Sep 5, 2016, 8:14:21 PM
> Gordon, I suspect this is a homework problem...

Did you read my post? I said in the last paragraph I thought it
was a homework assignment.

If previous assignments haven't involved setting up a user login
system, it's somewhat of a difficult problem because it drags in
requirements for a lot of infrastructure that isn't mentioned in
the assignment. If it's gradually building on previous assignments,
that makes more sense.

It's not quite as bad as the project to build a toll-tag system
that forgets to mention that you have to invent motor vehicles,
credit cards, and a currency system, build some roads, and invent
something to use as fuel for the motor vehicles.

Jerry Stuckle

Sep 5, 2016, 10:16:10 PM
Yes, but this is a basic exercise. Nothing to do with logins or
anything so complicated. Just a matter of entering a keyword and
downloading a file.

It's more of processing a single input field and ensuring it is correct;
logins and sessions come much later.