Hi Andrew, thanks for your input.
On Mon, Dec 2, 2013 at 11:35 AM, Muhire Andrew <muhireand...@yahoo.com>wrote: > Hi all, > > Here is my inputs to DHIS2 may be for the future releases: > > -To avoid people from may be misusing, risks of User and Passwrd caching > to their browsers memory, it can be more better if we make it optional on > setting passwords. Like password to expire on date xx/xx/xxxx. This is > important because some Users requests the usernames and passwords for only > research purposes in a given period. eg like only 3 months here the system > can be able to automatically block he/she from logging in. On Facility > users, it can be better to have a specific period and they all alerted to > their emails and forced to change the password.(Note that this is optional). > > This is a sensible request, and is in fact already planned for 2.14: https://blueprints.launchpad.net/dhis2/+spec/password-change > -Another part is if someone prompt and fails to log in several times eg: 6 > or more times the system automatically blocks that person and sends the > message to the administrator for him to check if its not an intruder. > > This I am less sure about - problem is that it will be very simple for an attacker to jam the system by constantly posting login attempts to an instance, hereby triggering the the auto-locking and disabling anyone to log in. Must thing a bit more on this one. cheers Lars
_______________________________________________ Mailing list: https://launchpad.net/~dhis2-devs Post to : dhis2-devs@lists.launchpad.net Unsubscribe : https://launchpad.net/~dhis2-devs More help : https://help.launchpad.net/ListHelp
