Closed
Bug 445504
Opened 17 years ago
Closed 17 years ago
Provide option to lockout users after number of invalid password attempts
Categories
(Bugzilla :: User Accounts, enhancement, P2)
Bugzilla
User Accounts
Tracking
()
RESOLVED
DUPLICATE
of bug 355283
People
(Reporter: graeme, Assigned: mkanat)
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9) Gecko/2008052906 Firefox/3.0
Build Identifier: Bugzilla 3.0.4
It would be useful to be able to setup a limit on the number of unsuccessful attempts a user may have before their account becomes "locked out".
On a publically accessible system, this is not perhaps useful, but within some industries there are requirements for users to be locked out after a number of unsuccessful login attempts (eg FDA - CFR21 Part 11 compliance).
Suggest that the lockout applies regardless of authentication mechanism (DB or LDAP), and would need a way of recording a count of invalid login attempts internally. The lockout would need to be different to a disabled account (since disabled accounts are displayed with a strikethrough in the UI - for a locked out user account this wouldn't be required).
Within parameters, an extra option in User Authentication would allow setting of the limit, or disabling of lockout by setting the parameter to zero (default).
Reproducible: Always
|
Assignee | |
Comment 1•17 years ago
|
||
Agreed! I have no idea if this is a dupe, though.
In fact, the Mozilla Corporation has hired my company to implement this for bugzilla.mozilla.org as of just about a week ago. :-)
Assignee: user-accounts → mkanat
Status: UNCONFIRMED → NEW
Ever confirmed: true
Priority: -- → P2
|
Reporter | |
Comment 2•17 years ago
|
||
(In reply to comment #1)
> I have no idea if this is a dupe, though.
Had a good look and couldn't see one :)
Another thought on this would be to have an option for a user/group of users to receive a notification email when a user is locked out (again - not necessarily desirable in all situations, but covers a host of regulatory requirements).
|
||
Comment 3•17 years ago
|
||
The reason you couldn't find a dupe is because you cannot see it.
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → DUPLICATE
|
|
||
Comment 4•16 years ago
|
||
Marking as a security bug as it's a dupe of a security bug.
Group: bugzilla-security
|
|
||
Comment 5•16 years ago
|
||
Bug 355283 is no longer in the security group. Clearing the security flag here as well.
Group: bugzilla-security
You need to log in
before you can comment on or make changes to this bug.
Description
•