Feature #19987
closed
Security: Backend user should be disabled after x failed log in (and the appropriate option is set in the install tool)
Added by Vitali Stoller over 15 years ago.
Updated almost 8 years ago.
Description
It's possible to attack the server and try to login as often as you want.
Backend user should be disabled after x failed log in.
This is also an Facebook etc. issue.
(issue imported from #M10388)
Careful with that. On the other hand this opens doors to DDOS attacks, when user accounts get disabled in masses - although they have proper passwords and don't fear any attack.
A better proposal would be "Backend user should be disabled after x failed log in and the appropriate option is set in the install tool."
"A better proposal would be "Backend user should be disabled after x failed log in and the appropriate option is set in the install tool."
That would also have been my suggestion.
- Tracker changed from Bug to Feature
- Target version deleted (
0)
- Status changed from New to Closed
Duplicate of #19987
Please continue there.
- Status changed from Closed to New
- Target version set to 6.2.16
- Subject changed from Security: Backend user should be disabled after x failed log in to Security: Backend user should be disabled after x failed log in (and the appropriate option is set in the install tool)
- Target version changed from 6.2.16 to Candidate for patchlevel
- Status changed from New to Closed
Also available in: Atom
PDF
Updated by 
Updated by 
Updated by 
Updated by 
Updated by 
Updated by 
Updated by