[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Thu Jan 30 10:22:53 CET 2020
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190
--- Comment #44 from Marcel de Rooy <m.de.rooy at rijksmuseum.nl> ---
(In reply to Magnus Enger from comment #35)
> Tested this, and everything looks good. To me it makes perfect sense to have
> two regular sysprefs, as Marcel says, some libraries might want to log only
> success or failure.
>
> I have one question, though. After doing one failed login and some
> successful ones I have this in the database:
>
> +-----------+---------------------+------+--------+---------+--------+-------
> -------------------+-----------+
> | action_id | timestamp | user | module | action | object | info
> | interface |
> +-----------+---------------------+------+--------+---------+--------+-------
> -------------------+-----------+
> | 1676 | 2020-01-29 22:17:06 | 51 | AUTH | SUCCESS | 51 | Valid
> password for admin | intranet |
> | 1678 | 2020-01-29 22:17:17 | 0 | AUTH | FAILURE | 0 | Wrong
> password for admin | intranet |
> | 1680 | 2020-01-29 22:17:20 | 51 | AUTH | SUCCESS | 51 | Valid
> password for admin | intranet |
> | 1681 | 2020-01-29 22:18:11 | 51 | AUTH | SUCCESS | 51 | Valid
> password for admin | intranet |
> +-----------+---------------------+------+--------+---------+--------+-------
> -------------------+-----------+
>
> The successfull logins are tied to a user (51), but the failed one is not
> (0). Couldn't the failed one also be tied to the user, as long as the
> username provided is the username of an actual user in the db? Or is there
> some reason for not doing this?
>
> Apart from this question I'm ready to sign off.
Thanks, Magnus.
I do not really remember a specific reason. I could register it if it is
available. People could try to hack an existing and a not-existing account.
So we might have a $patron, we might not.
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list