Goal
- Make an account inaccessible after a number of failed login attempts
- Let the admin set the maximum number of attempts (default 5?)
Solutions
a) Modify User interface and JCRAuthenticationModule
- after each failed attempt, increment an int counter
- save this value as node data
- if it reaches the max value, lock the account
- after a successful login, clear the value
b) Implement in login filter
- check the user from the HTTP request and the login result status
- check for user "repetition"
Actual lockout
Hard lock - use the existing method to disable the account until it is enabled again by an admin.
...
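
A sketch of solution a) combined with the hard lock, added here as an illustration and not taken from the project's code. The class `LoginLockout`, its `State` record and the in-memory map are hypothetical stand-ins for the User interface and the node data; the caller is assumed to perform the real credential check and pass in its outcome.

```java
import java.util.HashMap;
import java.util.Map;

/** Hypothetical sketch: failed-attempt counter with a hard lock (not project code). */
public class LoginLockout {
    enum Result { SUCCESS, FAILED, LOCKED }

    /** Per-user state; in solution a) these fields would be saved as node data. */
    static final class State { int failedAttempts; boolean enabled = true; }

    private final Map<String, State> users = new HashMap<>(); // stand-in for the user store
    private final int maxAttempts;                            // set by the admin

    LoginLockout(int maxAttempts) { this.maxAttempts = maxAttempts; }

    synchronized void addUser(String user) { users.put(user, new State()); }

    /** passwordOk is the outcome of the real credential check done by the caller. */
    synchronized Result recordAttempt(String user, boolean passwordOk) {
        State s = users.get(user);
        if (s == null) return Result.FAILED;  // unknown user: nothing to count or lock
        if (!s.enabled) return Result.LOCKED; // hard lock: a correct password does not unlock
        if (passwordOk) {
            s.failedAttempts = 0;             // clear the counter after a successful login
            return Result.SUCCESS;
        }
        if (++s.failedAttempts >= maxAttempts) {
            s.enabled = false;                // counter reached the max value: disable
            return Result.LOCKED;
        }
        return Result.FAILED;
    }

    /** Admin action: re-enable the account and clear the counter. */
    synchronized void adminEnable(String user) {
        State s = users.get(user);
        if (s != null) { s.enabled = true; s.failedAttempts = 0; }
    }

    public static void main(String[] args) {
        LoginLockout lockout = new LoginLockout(5); // the default proposed on this page
        lockout.addUser("alice");                   // constructed sample user
        for (int i = 1; i <= 5; i++)
            System.out.println("bad #" + i + " -> " + lockout.recordAttempt("alice", false));
        System.out.println("good pw -> " + lockout.recordAttempt("alice", true));
        lockout.adminEnable("alice");
        System.out.println("after admin enable -> " + lockout.recordAttempt("alice", true));
    }
}
```

The locked check runs before the password result is considered, so a locked account gives the same answer for right and wrong passwords until an admin re-enables it.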