Feature #19987
closed
Security: Backend user should be disabled after x failed log in (and the appropriate option is set in the install tool)
0%
Description
It's possible to attack the server and try to login as often as you want.
Backend user should be disabled after x failed log in.
This is also an Facebook etc. issue.
(issue imported from #M10388)
Updated by Steffen Müller almost 16 years ago
Careful with that. On the other hand this opens doors to DDOS attacks, when user accounts get disabled in masses - although they have proper passwords and don't fear any attack.
A better proposal would be "Backend user should be disabled after x failed log in and the appropriate option is set in the install tool."
Updated by Vitali Stoller almost 16 years ago
"A better proposal would be "Backend user should be disabled after x failed log in and the appropriate option is set in the install tool."
That would also have been my suggestion.
Updated by Alexander Opitz about 11 years ago
- Tracker changed from Bug to Feature
- Target version deleted (
0)
Updated by Wouter Wolters almost 10 years ago
- Status changed from New to Closed
Duplicate of #19987
Please continue there.
Updated by Thomas Sperling about 9 years ago
- Status changed from Closed to New
- Target version set to 6.2.16
Why is this Ticket closed and why isn't there any core-solution for several years?
If there are options in the InstallTool there is no reason to not have this really useful feature.
EDIT: there is a feature since 6.2.14: https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-006/ similiar but not exactly the wished feature
Updated by Riccardo De Contardi almost 9 years ago
- Subject changed from Security: Backend user should be disabled after x failed log in to Security: Backend user should be disabled after x failed log in (and the appropriate option is set in the install tool)
- Target version changed from 6.2.16 to Candidate for patchlevel
Updated by