Closed meghprkh closed 8 years ago
What exactly has to be done? Lock question for a time period or what?
That's your wish imo. Just find a reasonable way to stop the brute force attacks.
Though I originally meant to limit the number of wrong answers per question, as in a hard limit. Other alternatives include adding a captcha or adding a delay. IMO delay may be harder than captcha because it is usually quite easy to integrate. See https://www.google.com/recaptcha/intro/index.html
Forgot one thing, but brute force may be quite impossible once I implement that in CAS-SSO (that is the point of having an SSO system, I don't have to implement everything in different apps). Closing this. If you want to contribute, add this feature to CAS-SSO itself (file a bug there, I will comment; there we can't use captcha but we will delay or abort requests which seem suspicious).
Currently there is no limit on the number of wrong answers! So I probably just brute force and get the correct answer. We need to add some limit to the number of wrong answers. But how?
Somehow we would need another model in between, storing the number of wrong answers per question per user. Hmm.. seems hard. Have you read the Sequelize docs, especially on associations?
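One way to combine the two options raised in this thread, a hard limit on wrong answers per question per user and a growing delay between attempts, shown as an added example that is not the project's code. The class name, option names and sample ids are hypothetical, and a `Map` stands in for the Sequelize model the thread proposes.

```javascript
// Added sketch: AttemptLimiter, maxWrong and baseDelayMs are hypothetical names.
// Each Map entry plays the role of one row in a (user, question) attempts table.
class AttemptLimiter {
  constructor({ maxWrong = 5, baseDelayMs = 1000 } = {}) {
    this.maxWrong = maxWrong;       // hard limit of wrong answers per question per user
    this.baseDelayMs = baseDelayMs; // delay after the first wrong answer; doubles each time
    this.rows = new Map();
  }

  row(userId, questionId) {
    // JSON key avoids collisions such as ("a:b", "c") vs ("a", "b:c").
    const key = JSON.stringify([userId, questionId]);
    if (!this.rows.has(key)) this.rows.set(key, { wrong: 0, nextAllowedAt: 0 });
    return this.rows.get(key);
  }

  // Returns { status: 'correct' | 'wrong' | 'delayed' | 'locked', retryAfterMs }.
  submit(userId, questionId, answer, expected, now = Date.now()) {
    const r = this.row(userId, questionId);

    // Limit checks run BEFORE the answer is compared, so a throttled or
    // locked request never reveals whether the guess was right.
    if (r.wrong >= this.maxWrong) return { status: 'locked', retryAfterMs: null };
    if (now < r.nextAllowedAt) {
      return { status: 'delayed', retryAfterMs: r.nextAllowedAt - now };
    }

    if (answer === expected) return { status: 'correct', retryAfterMs: 0 };

    // Wrong answer: count it and push the next allowed attempt further out.
    r.wrong += 1;
    const delay = this.baseDelayMs * 2 ** (r.wrong - 1);
    r.nextAllowedAt = now + delay;
    const locked = r.wrong >= this.maxWrong;
    return { status: locked ? 'locked' : 'wrong', retryAfterMs: locked ? null : delay };
  }
}

// Constructed usage: three wrong answers allowed, 1 s base delay.
const demo = new AttemptLimiter({ maxWrong: 3, baseDelayMs: 1000 });
console.log(demo.submit('user-1', 'q-1', 'guess', 'secret', 0));
```

With a database-backed model the read, check and increment have to happen in one transaction, otherwise parallel requests can each pass the limit check before any of them records its wrong answer.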