GOOGLE CAPTCHA (foodomaa security)

tusHedel

Without google CAPTCHA it’s easy to hack foodomaa with a mass request. So implement google CAPTCHA immediately to every login and register page .

wpradobr

tusHedel Use cloudflare for that.

azkall

what do you mean mass request? how about account block for 30 seconds is you try 3 times wrong password and 5 minute the next 3 times. so if they forgot the can reset the password. clients don't like google captcha

tusHedel

azkall no because users can forget there password and we are not going to punish them for them.

99% of the world uses google captcha so everybody know why it’s used. If I write a script now I can make 1.000.000 accounts with a bot on foodomaa in minutes I can brute force foodomaa

azkall

tusHedel I as a USER I hate google captcha. worst thing ever.

Mohit

If it's big problem then should solve this without google captcha . Most of user don't like this.

NikhilJain

just remove the password option and make user to login with otp its easy and convenient.

tusHedel

How to remove password and replace with sms ?

NikhilJain

tusHedel they will bring this feature in upcoming updates I guess

JusanSG

Actually no one likes capcha, but it should appear after 2 or 3 login fail, I think so.

AbdulRehman

JusanSG
Agree and for admin panel required 2factor authentication.

Saurabh

This is not on the priority roadmap.
BUT surely some level of security would be good.

One who needs to do something about it do the following:

Go to the file: /routes/web.php

There you will find some routes like below:

Route::post('/auth/login', 'Auth\LoginController@login')->name('post.login');

Here we need to group this route and add a throttle middleware to it.

Route::group(['middleware' => 'throttle:5,10'], function () {
    Route::post('/auth/login', 'Auth\LoginController@login')->name('post.login');
});

Here throttle:5,10 means: from one IP only 5 calls to the login form submission can be every 10 munites.
Feel free to experiment with 5,10 according to your business needs.