[ http://issues.apache.org/jira/browse/GERONIMO-419?page=all ]
Aaron Mulder updated GERONIMO-419:
----------------------------------
Fix Version: 1.0
Description:
It would be nice if the default security realms supported locking an account
after a certain number of consecutive failed logins. Lacking that, it would be
nice if they supported a configurable delay on a failed login attempt. Both
methods help defend against brute force login attacks.
This is a pretty low priority, but IMHO it still goes on the "nice to have"
list.
was:
It would be nice if the default security realms supported locking an account
after a certain number of consecutive failed logins. Lacking that, it would be
nice if they supported a configurable delay on a failed login attempt. Both
methods help defend against brute force login attacks.
This is a pretty low priority, but IMHO it still goes on the "nice to have"
list.
Environment:
Priority: Minor (was: Trivial)
Either strategy could easily be implemented via a new LoginModule.
> Lockout after N failed logins
> -----------------------------
>
> Key: GERONIMO-419
> URL: http://issues.apache.org/jira/browse/GERONIMO-419
> Project: Geronimo
> Type: New Feature
> Components: security
> Versions: 1.0-M2
> Reporter: Aaron Mulder
> Priority: Minor
> Fix For: 1.0
>
> It would be nice if the default security realms supported locking an account
> after a certain number of consecutive failed logins. Lacking that, it would
> be nice if they supported a configurable delay on a failed login attempt.
> Both methods help defend against brute force login attacks.
> This is a pretty low priority, but IMHO it still goes on the "nice to have"
> list.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
