Bug #31203
closed
No delay in case of wrong Install Tool password
Added by Steffen Gebert over 12 years ago. Updated about 4 years ago.
0%
Description
When the Install Tool is enabled, failed password logins are not delayed with an artificial waiting time.
Files
| 31203.diff (432 Bytes) 31203.diff | Steffen Gebert, 2011-10-23 20:10 |
Updated by Steffen Gebert over 12 years ago
- Status changed from New to Under Review
Updated by Helmut Hummel almost 12 years ago
We discussed this during the code sprint and came to the conclusion that it does not help too much, as you can do parallel requests. other than the backend login, you do not need challenge or rsa key.
Additionally the Install Tool is locked by default anyway.
Although the benefit is low, I will not block such a change, but this can be discussed publicly.
Updated by Helmut Hummel almost 12 years ago
- Status changed from Under Review to Needs Feedback
Updated by Helmut Hummel almost 12 years ago
- Project changed from 1716 to TYPO3 Core
Updated by Alexander Opitz almost 11 years ago
- Status changed from Needs Feedback to New
Updated by Mathias Schreiber over 9 years ago
- Category set to Backend User Interface
- Status changed from New to Needs Feedback
- Target version set to 7.4 (Backend)
- Is Regression set to No
How do we determine who to block out?
Everybody or just the same IP?
Updated by Steffen Gebert over 9 years ago
Every unsuccessful login. It's not about blocking, it's about slowing down response times.
Updated by Alexander Opitz almost 9 years ago
- Status changed from Needs Feedback to New
Updated by Susanne Moog almost 9 years ago
- Target version changed from 7.4 (Backend) to 7.5
Updated by Benni Mack over 8 years ago
- Target version changed from 7.5 to 7 LTS
Updated by Benni Mack over 8 years ago
- Status changed from New to Needs Feedback
- Target version deleted (
7 LTS)
@Helmut: How to proceed here?
Updated by Alexander Opitz almost 8 years ago
- Assignee changed from Steffen Gebert to Helmut Hummel
Benni liked to get an answer from you in this issue, so assigning to you for now.
Updated by Helmut Hummel over 7 years ago
- Category changed from Backend User Interface to Security
- Assignee deleted (
Helmut Hummel) - % Done changed from 80 to 0
Updated by Helmut Hummel over 7 years ago
- Status changed from Needs Feedback to Accepted
The status is: no action so far
Updated by Benni Mack about 4 years ago
- Status changed from Accepted to Rejected
Will close this one, taking the comments from the Code Sprints (from over 7 years ago) into account.