Bug #31203: No delay in case of wrong Install Tool password - TYPO3 Core - TYPO3 Forge

Actions

Bug #31203

closed

No delay in case of wrong Install Tool password

Added by Steffen Gebert about 13 years ago. Updated over 4 years ago.

Status:

Rejected

Priority:

Should have

Assignee:

-

Category:

Security

Target version:

-

Start date:

2011-10-23

Due date:

% Done:

0%

Estimated time:

TYPO3 Version:

4.3

PHP Version:

Tags:

Complexity:

no-brainer

Is Regression:

No

Sprint Focus:

Description

When the Install Tool is enabled, failed password logins are not delayed with an artificial waiting time.

Files

31203.diff (432 Bytes) 31203.diff

Steffen Gebert, 2011-10-23 20:10

Actions

#1

Updated by Steffen Gebert about 13 years ago

File 31203.diff 31203.diff added

Actions

#2

Updated by Helmut Hummel almost 13 years ago

Tags set to scheduled

Actions

#3

Updated by Steffen Gebert almost 13 years ago

Status changed from New to Under Review

Actions

#4

Updated by Steffen Gebert almost 13 years ago

Pushed patches for all branches

Actions

#5

Updated by Helmut Hummel over 12 years ago

We discussed this during the code sprint and came to the conclusion that it does not help too much, as you can do parallel requests. other than the backend login, you do not need challenge or rsa key.
Additionally the Install Tool is locked by default anyway.

Although the benefit is low, I will not block such a change, but this can be discussed publicly.

Actions

#6

Updated by Helmut Hummel over 12 years ago

Status changed from Under Review to Needs Feedback

Actions

#7

Updated by Helmut Hummel over 12 years ago

Project changed from 1716 to TYPO3 Core

Actions

#8

Updated by Alexander Opitz over 11 years ago

Status changed from Needs Feedback to New

Actions

#9

Updated by Mathias Schreiber almost 10 years ago

Category set to Backend User Interface
Status changed from New to Needs Feedback
Target version set to 7.4 (Backend)
Is Regression set to No

How do we determine who to block out?
Everybody or just the same IP?

Actions

#10

Updated by Steffen Gebert almost 10 years ago

Every unsuccessful login. It's not about blocking, it's about slowing down response times.

Actions

#11

Updated by Alexander Opitz over 9 years ago

Status changed from Needs Feedback to New

Actions

#12

Updated by Susanne Moog over 9 years ago

Target version changed from 7.4 (Backend) to 7.5

Actions

#13

Updated by Benni Mack about 9 years ago

Target version changed from 7.5 to 7 LTS

Actions

#14

Updated by Benni Mack about 9 years ago

Status changed from New to Needs Feedback
Target version deleted (~~7 LTS~~)

@Helmut: How to proceed here?

Actions

#15

Updated by Alexander Opitz over 8 years ago

Assignee changed from Steffen Gebert to Helmut Hummel

Benni liked to get an answer from you in this issue, so assigning to you for now.

Actions

#16

Updated by Alexander Opitz about 8 years ago

What is the state of this issue?

Actions

#17

Updated by Helmut Hummel about 8 years ago

Category changed from Backend User Interface to Security
Assignee deleted (~~Helmut Hummel~~)
% Done changed from 80 to 0

Actions

#18

Updated by Helmut Hummel about 8 years ago

Status changed from Needs Feedback to Accepted

The status is: no action so far

Actions

#19

Updated by Benni Mack over 4 years ago

Status changed from Accepted to Rejected

Will close this one, taking the comments from the Code Sprints (from over 7 years ago) into account.

Actions

Also available in: Atom PDF