[Koha-bugs] [Bug 25947] Improve locked account message

bugzilla-daemon at bugs.koha-community.org
Mon Mar 6 00:46:01 CET 2023


https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25947

--- Comment #16 from David Cook <dcook at prosentient.com.au> ---
(In reply to solene.ngamga from comment #8)

> 3. In the OPAC, try to log in with the username and a wrong password 3 times
> 4. Go back to the patron's account in the staff interface
> 5. Note that there is a message : "Patron's account has been locked (due to
> 3 failed login attempts)"

We really shouldn't be doing this. It's best practice not to tell an
unauthenticated user that an account has been locked due to failed login
attempts. It leaks information about system settings and user accounts.

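The point raised in comment #16, as an added example that is not part of the original message and is not Koha's code: the unauthenticated login form returns one identical failure response for an unknown user, a wrong password and a locked account, while the lock reason is shown only through an authenticated staff view. `PatronStore`, `public_login`, `staff_status` and the sample credentials are hypothetical names and constructed values.

```python
import hashlib
import hmac
import os

MAX_FAILED = 3  # constructed threshold, mirrors the "3 failed login attempts" in the quoted steps
GENERIC_FAILURE = "Invalid username or password."


def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class PatronStore:
    """Hypothetical in-memory patron store (not Koha's schema)."""

    def __init__(self):
        self.patrons = {}
        self._dummy_salt = os.urandom(16)

    def add(self, username, password):
        salt = os.urandom(16)
        self.patrons[username] = {"salt": salt, "hash": _hash(password, salt), "failed": 0}

    def public_login(self, username, password):
        """Response for the unauthenticated login form: (ok, message)."""
        p = self.patrons.get(username)
        # Hash even for unknown users so response time does not single them out.
        candidate = _hash(password, p["salt"] if p else self._dummy_salt)
        good = p is not None and hmac.compare_digest(candidate, p["hash"])
        if p is None:
            return False, GENERIC_FAILURE
        if p["failed"] >= MAX_FAILED:
            # Locked: reject even the correct password, with the same text.
            return False, GENERIC_FAILURE
        if not good:
            p["failed"] += 1
            return False, GENERIC_FAILURE
        p["failed"] = 0
        return True, "Welcome."

    def staff_status(self, username):
        """Detail shown only to authenticated staff."""
        p = self.patrons[username]
        if p["failed"] >= MAX_FAILED:
            return f"Account locked ({p['failed']} failed login attempts)"
        return "Account active"
```

Once the account is locked, a correct password gets the same generic failure as a wrong one, so the public response never confirms the lock or the threshold.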