[MAGNOLIA-3557] Implement automatic account lockout after a number of failed log-ins
Created: 22/Feb/11 | Updated: 08/Sep/11 | Resolved: 14/Apr/11
| Status: | Closed |
| Project: | Magnolia |
| Component/s: | core |
| Affects Version/s: | None |
| Fix Version/s: | 4.4.3 |
| Type: | New Feature | Priority: | Major |
| Reporter: | Daniel Lipp | Assignee: | Ondrej Chytil |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Description |
|
There currently is no automatic logout, and since one can use the URL to provide log-in parameters, this could be used to force-guess passwords.
Details (copied from Security Report):
Severity: High |
| Comments |
| Comment by Magnolia International [ 11/Apr/11 ] |
|
Please extract the task to an independent class rather than assemble so many of them. Will make the MVH easier to read, and the task itself too. If you need several "ifs" and "set or create", you're often better off implementing your own Task rather than doing this (so you can simply work on the node directly rather than describe delegate tasks). This will also help avoid redundancy in task descriptions, path and property names. And ultimately, it should also help make your task easier to test. |
| Comment by Jan Haderka [ 14/Apr/11 ] |
|
change location of update tasks and improve readability of the code. |