Feature #19987
closed
Security: Backend user should be disabled after x failed log in (and the appropriate option is set in the install tool)
Description
It's possible to attack the server and try to log in as often as you want.
Backend user should be disabled after x failed log in.
This is also a Facebook etc. issue.
(issue imported from #M10388)
Updated by Steffen Müller about 15 years ago
Careful with that. On the other hand, this opens doors to DDoS attacks, when user accounts get disabled in masses - although they have proper passwords and don't fear any attack.
A better proposal would be "Backend user should be disabled after x failed log in and the appropriate option is set in the install tool."
Updated by Vitali Stoller about 15 years ago
"A better proposal would be 'Backend user should be disabled after x failed log in and the appropriate option is set in the install tool.'"
That would also have been my suggestion.
Updated by Alexander Opitz over 10 years ago
- Tracker changed from Bug to Feature
- Target version deleted (0)
Updated by Wouter Wolters over 9 years ago
- Status changed from New to Closed
Duplicate of #19987
Please continue there.
Updated by Thomas Sperling over 8 years ago
- Status changed from Closed to New
- Target version set to 6.2.16
Why is this ticket closed and why isn't there any core solution for several years?
If there are options in the InstallTool there is no reason to not have this really useful feature.
EDIT: there is a feature since 6.2.14: https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-006/ similar, but not exactly the wished feature
Updated by Riccardo De Contardi over 8 years ago
- Subject changed from Security: Backend user should be disabled after x failed log in to Security: Backend user should be disabled after x failed log in (and the appropriate option is set in the install tool)
- Target version changed from 6.2.16 to Candidate for patchlevel