[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]

bugzilla-daemon at bugs.koha-community.org
Thu Jan 30 10:22:53 CET 2020


https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190

--- Comment #44 from Marcel de Rooy <m.de.rooy at rijksmuseum.nl> ---
(In reply to Magnus Enger from comment #35)
> Tested this, and everything looks good. To me it makes perfect sense to have
> two regular sysprefs, as Marcel says, some libraries might want to log only
> success or failure. 
> 
> I have one question, though. After doing one failed login and some
> successful ones I have this in the database: 
> 
> +-----------+---------------------+------+--------+---------+--------+--------------------------+-----------+
> | action_id | timestamp           | user | module | action  | object | info                     | interface |
> +-----------+---------------------+------+--------+---------+--------+--------------------------+-----------+
> |      1676 | 2020-01-29 22:17:06 |   51 | AUTH   | SUCCESS |     51 | Valid password for admin | intranet  |
> |      1678 | 2020-01-29 22:17:17 |    0 | AUTH   | FAILURE |      0 | Wrong password for admin | intranet  |
> |      1680 | 2020-01-29 22:17:20 |   51 | AUTH   | SUCCESS |     51 | Valid password for admin | intranet  |
> |      1681 | 2020-01-29 22:18:11 |   51 | AUTH   | SUCCESS |     51 | Valid password for admin | intranet  |
> +-----------+---------------------+------+--------+---------+--------+--------------------------+-----------+
> 
> The successful logins are tied to a user (51), but the failed one is not
> (0). Couldn't the failed one also be tied to the user, as long as the
> username provided is the username of an actual user in the db? Or is there
> some reason for not doing this? 
> 
> Apart from this question I'm ready to sign off.

Thanks, Magnus.
I do not really remember a specific reason. I could register it if it is
available. People could try to hack an existing and a not-existing account.
So we might have a $patron, we might not.
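
Added example, not part of the original thread and not Koha code: because FAILURE rows carry user = 0, a log reviewer has to group failed logins by the name in the info text instead. The rows are constructed in the format of the table quoted above; the function name, threshold, window and the assumption that every failure is logged as "Wrong password for <name>" are illustrative.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample rows (not from the bug report), in the column order of the
# table above: action_id, timestamp, user, module, action, object, info, interface.
ROWS = [
    (1, "2020-01-29 22:17:06", 51, "AUTH", "SUCCESS", 51, "Valid password for admin", "intranet"),
    (2, "2020-01-29 22:17:17", 0, "AUTH", "FAILURE", 0, "Wrong password for admin", "intranet"),
    (3, "2020-01-29 22:17:20", 51, "AUTH", "SUCCESS", 51, "Valid password for admin", "intranet"),
    (4, "2020-01-29 22:20:01", 0, "AUTH", "FAILURE", 0, "Wrong password for jdoe", "intranet"),
    (5, "2020-01-29 22:20:05", 0, "AUTH", "FAILURE", 0, "Wrong password for jdoe", "intranet"),
    (6, "2020-01-29 22:20:09", 0, "AUTH", "FAILURE", 0, "Wrong password for jdoe", "intranet"),
    (7, "2020-01-29 22:20:30", 77, "AUTH", "SUCCESS", 77, "Valid password for jdoe", "intranet"),
    (8, "2020-01-29 22:25:00", 0, "AUTH", "FAILURE", 0, "Wrong password for nosuchuser", "intranet"),
    (9, "2020-01-29 22:31:00", 0, "AUTH", "FAILURE", 0, "Wrong password for nosuchuser", "intranet"),
]

# FAILURE rows carry user = 0, so the login name is recovered from the info text.
INFO_RE = re.compile(r"^(?:Valid|Wrong) password for (?P<name>.+)$")

def suspicious_logins(rows, threshold=3, window=timedelta(minutes=5)):
    """Return (username, kind, timestamp) alerts for failure bursts per login name."""
    failures = defaultdict(list)  # login name -> timestamps of failures still in window
    alerts = []
    for _id, ts, _user, module, action, _obj, info, _iface in sorted(rows, key=lambda r: r[1]):
        match = INFO_RE.match(info)
        if module != "AUTH" or not match:
            continue
        name = match.group("name")
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        recent = [t for t in failures[name] if when - t <= window]
        if action == "FAILURE":
            recent.append(when)
            failures[name] = recent
            if len(recent) == threshold:
                alerts.append((name, "burst", ts))
        elif action == "SUCCESS":
            if len(recent) >= threshold:
                alerts.append((name, "success_after_burst", ts))
            failures[name] = []  # a valid login resets the counter
    return alerts

if __name__ == "__main__":
    for alert in suspicious_logins(ROWS):
        print(alert)
```

Keying on the submitted name works whether or not a matching patron exists, which is the case the reply above describes.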
