Task #3138 (closed)
Bug: No limit to number of password attempts allowed
| Reported by: | jamoore | Owned by: | jamoore |
|---|---|---|---|
| Priority: | blocker | Milestone: | OMERO-Beta4.2.1 |
| Component: | Security | Version: | n.a. |
| Keywords: | n.a. | Cc: | jeromeavondo@… |
| Resources: | n.a. | Referenced By: | n.a. |
| References: | n.a. | Remaining Time: | 0.0d |
| Sprint: | 2010-10-28 (18) |
Description
4.2.0 improved support for LDAP, but did not include any functionality for limiting the number of login attempts made against the server.
For anyone looking to using LDAP actively, this is a major blocker. As a workaround for 4.2.1, a LoginAttemptListener will be added which will rate-limit logins. In later versions, account locking will be implemented.
See: http://lists.openmicroscopy.org.uk/pipermail/ome-users/2010-October/002448.html
Change History (3)
comment:1 Changed 14 years ago by jmoore
- Owner set to jmoore
- Status changed from new to assigned
comment:2 Changed 14 years ago by jmoore
- Remaining Time changed from 0.25 to 0
- Resolution set to fixed
- Status changed from assigned to closed
comment:3 Changed 13 years ago by Will Moore <will@…>
(In [dd2c29ee9ae64defc9def9aace08dde7269babc9/ome.git] on branch develop) Turning back on OmeroPy integration test3138. See #3138, #6041
Note: See
TracTickets for help on using
tickets.
You may also have a look at Agilo extensions to the ticket.
(In [8361]) Adding LoginAttemptListener to throttle failed logins (Fix #3138)