[Koha-bugs] [Bug 18314] New: Account lockout
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Wed Mar 22 01:58:40 CET 2017
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18314
Bug ID: 18314
Summary: Account lockout
Change sponsored?: Sponsored
Product: Koha
Version: unspecified
Hardware: All
OS: All
Status: ASSIGNED
Severity: enhancement
Priority: P5 - low
Component: Patrons
Assignee: jonathan.druart at bugs.koha-community.org
Reporter: jonathan.druart at bugs.koha-community.org
QA Contact: testopia at bugs.koha-community.org
CC: gmcharlt at gmail.com, kyle.m.hall at gmail.com
To prevent brute force attacks on Koha accounts, staff and opac, we need to
implement an account lockout process to Koha.
After a number of failed login attempts a users account would become locked.
The user would then need to use the reset password functionality to send a
reset token to their email account. After a successful password reset the
lockout flag would be removed.
The number of failed login attempts before lockout will be configurable using a
system preference.
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list