[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Thu Jan 30 09:55:32 CET 2020
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190
--- Comment #35 from Magnus Enger <magnus at libriotech.no> ---
Tested this, and everything looks good. To me it makes perfect sense to have
two regular sysprefs, as Marcel says, some libraries might want to log only
success or failure.
I have one question, though. After doing one failed login and some successful
ones I have this in the database:
+-----------+---------------------+------+--------+---------+--------+--------------------------+-----------+
| action_id | timestamp | user | module | action | object | info
| interface |
+-----------+---------------------+------+--------+---------+--------+--------------------------+-----------+
| 1676 | 2020-01-29 22:17:06 | 51 | AUTH | SUCCESS | 51 | Valid
password for admin | intranet |
| 1678 | 2020-01-29 22:17:17 | 0 | AUTH | FAILURE | 0 | Wrong
password for admin | intranet |
| 1680 | 2020-01-29 22:17:20 | 51 | AUTH | SUCCESS | 51 | Valid
password for admin | intranet |
| 1681 | 2020-01-29 22:18:11 | 51 | AUTH | SUCCESS | 51 | Valid
password for admin | intranet |
+-----------+---------------------+------+--------+---------+--------+--------------------------+-----------+
The successfull logins are tied to a user (51), but the failed one is not (0).
Couldn't the failed one also be tied to the user, as long as the username
provided is the username of an actual user in the db? Or is there some reason
for not doing this?
Apart from this question I'm ready to sign off.
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list