https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30962 --- Comment #6 from David Cook <dcook@prosentient.com.au> --- (In reply to Katrin Fischer from comment #5)
(In reply to David Cook from comment #4)
(In reply to David Cook from comment #3)
(In reply to Tomás Cohen Arazi from comment #2)
How will we prevent abuse for this password-guessing service? Hehe
It's not a public/anonymous endpoint. Only an authenticated and authorized user could use it.
But happy to add more security to lock accounts on too many bad password checks.
I think it would make sense to use the existing lock feature here, also consistent.
ILS-DI locks too.
Done! -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.