Uploaded image for project: 'Sling'
  1. Sling
  2. SLING-7939

SlingAuthenticator should post an event for login failures

    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: Auth Core 1.4.2
    • Fix Version/s: Auth Core 1.4.4
    • Component/s: None
    • Labels:
      None

      Description

      The login failure events would be useful for the implementation of a failed login throttling solution to prevent brute force dictionary attacks against sling to guess user passwords.  An unlimited number of failed logins should not be allowed, but we need some way to gather the information to thwart it.

        Attachments

          Activity

            People

            • Assignee:
              enorman Eric Norman
              Reporter:
              enorman Eric Norman
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: