[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts
bugzilla-daemon at bugs.koha-community.org
Wed Sep 12 13:16:18 CEST 2018
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190
Marcel de Rooy <m.de.rooy at rijksmuseum.nl> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |m.de.rooy at rijksmuseum.nl
--- Comment #2 from Marcel de Rooy <m.de.rooy at rijksmuseum.nl> ---
(In reply to Vitor Fernandes from comment #0)
> *** Requirement description ***
>
> The application MUST log successful and unsuccessful authentication
> operations.
> This is useful, for example, to detect that a user account is being hacked.
How extensive is this requirement? Koha already allows you to lock accounts
after x failed login attempts. Could this be considered as meeting this
requirement already?
Testing the lockout feature, I also noticed that the counter is being
incremented too even if the account has been locked out. So each successful and
each unsuccessful authentication triggers a database action. What would be the
use of storing date, time and IP address additionally?
--
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.