h1. Status

Implemented in 4.4. See the [Security > Users|http://documentation.magnolia-cms.com/administration/security/users.html#Automaticlockout] documentation.
h1. Goal

- [MAGNOLIA-3557|http://jira.magnolia-cms.com/browse/MAGNOLIA-3557]

- Make the account inaccessible after a number of failed login attempts

- Let the admin set the maximum number of attempts (default 5?)


h1. Solutions

h3. a) Modify the User interface and JCRAuthenticationModule

- after each failed attempt, increment an int counter

- save this value as node data on the user node

- if the counter reaches the maximum, lock the account

- after a successful login, reset the counter (null the node data)

h3. b) Implement it in the login filter

- take the user name from the HTTP request together with the login result status

- check for "repetition", i.e. repeated failures for the same user

h3. Actual lockout

*Hard lock* \- use the existing method to disable the account until it is enabled again by an admin.

*Time lock* \- lock the account for a time period before it is enabled again, with the possibility to clear the lock and make the account accessible immediately (probably in the edit user dialog).
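The counter bookkeeping from solution a) and the two lockout modes above, combined into one stand-alone policy object. This is an added illustration, not Magnolia code: a plain Map stands in for the node data on the user node, the {{addUser}}/{{attempt}}/{{unlock}} methods and the {{Mode}} enum are assumed names, and nothing here touches JCRAuthenticationModule or the login filter. Whichever of a) or b) is chosen, it would call {{attempt}} with the user name and the credential-check result and refuse the login when it returns false.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.HashMap;
import java.util.Map;

/** Lockout policy sketch (added example, not Magnolia's implementation). */
public class LoginLockoutPolicy {

    /** Per-user state; in Magnolia this would be node data on the user node. */
    public static final class UserRecord {
        int failedAttempts = 0;     // "increase int number" after each failure
        boolean enabled = true;     // hard lock reuses the existing enable/disable flag
        Instant lockedUntil = null; // time lock; null means no time lock is active
    }

    public enum Mode { HARD, TIME }

    private final int maxAttempts;     // admin-configurable, design note suggests 5
    private final Mode mode;
    private final Duration lockPeriod; // only used in TIME mode
    private final Map<String, UserRecord> users = new HashMap<>(); // stand-in for JCR

    public LoginLockoutPolicy(int maxAttempts, Mode mode, Duration lockPeriod) {
        if (maxAttempts < 1) throw new IllegalArgumentException("maxAttempts must be >= 1");
        if (mode == Mode.TIME && lockPeriod == null) throw new IllegalArgumentException("lockPeriod required");
        this.maxAttempts = maxAttempts;
        this.mode = mode;
        this.lockPeriod = lockPeriod;
    }

    /** Assumed helper: only known users get a record, so the counter cannot be used
     *  from outside to probe which account names exist. */
    public void addUser(String name) { users.putIfAbsent(name, new UserRecord()); }

    public boolean isLocked(String name, Instant now) {
        UserRecord r = users.get(name);
        if (r == null) return false;
        if (!r.enabled) return true;                                  // hard lock
        return r.lockedUntil != null && now.isBefore(r.lockedUntil);  // time lock
    }

    /** Record one login attempt; returns true only if the login may proceed.
     *  credentialsValid is the result of the normal password check. */
    public boolean attempt(String name, boolean credentialsValid, Instant now) {
        UserRecord r = users.get(name);
        if (r == null) return false;
        // An expired time lock is cleared before counting, so the user starts fresh.
        if (r.lockedUntil != null && !now.isBefore(r.lockedUntil)) {
            r.lockedUntil = null;
            r.failedAttempts = 0;
        }
        if (isLocked(name, now)) return false;   // locked: reject even a valid password
        if (credentialsValid) {
            r.failedAttempts = 0;                // "after success login null value"
            return true;
        }
        r.failedAttempts++;
        if (r.failedAttempts >= maxAttempts) {
            if (mode == Mode.HARD) r.enabled = false;             // until admin re-enables
            else r.lockedUntil = now.plus(lockPeriod);            // until the period ends
        }
        return false;
    }

    /** Admin action from the edit user dialog: re-enable and clear any time lock. */
    public void unlock(String name) {
        UserRecord r = users.get(name);
        if (r == null) return;
        r.enabled = true;
        r.lockedUntil = null;
        r.failedAttempts = 0;
    }

    public static void main(String[] args) {
        LoginLockoutPolicy policy = new LoginLockoutPolicy(5, Mode.TIME, Duration.ofMinutes(15));
        policy.addUser("alice");                                   // constructed sample user
        Instant t0 = Instant.parse("2011-01-01T10:00:00Z");
        for (int i = 0; i < 5; i++) policy.attempt("alice", false, t0);
        System.out.println("locked after 5 failures: " + policy.isLocked("alice", t0));
        System.out.println("valid password while locked: " + policy.attempt("alice", true, t0));
        Instant later = t0.plus(Duration.ofMinutes(16));
        System.out.println("valid password after period: " + policy.attempt("alice", true, later));
        policy.unlock("alice");
        System.out.println("locked after admin unlock: " + policy.isLocked("alice", later));
    }
}
```

Two points worth keeping in mind when choosing between the modes: a hard lock lets anyone who knows a user name lock that user out by sending five bad passwords, which turns the feature into a denial-of-service lever against admin accounts, so the time lock (or hard lock with a short time lock in front of it) is the safer default; and the login response should look the same for "wrong password" and "account locked", otherwise the lock state leaks which accounts exist and which are under attack.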