[GERONIMO-419] Lockout after N failed logins - ASF JIRA

XML

Word

Printable

JSON

Details

Type: New Feature
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 1.0-M2
Fix Version/s: 1.0
Component/s: security
Labels:
None

Description

It would be nice if the default security realms supported locking an account after a certain number of consecutive failed logins. Lacking that, it would be nice if they supported a configurable delay on a failed login attempt. Both methods help defend against brute force login attacks.

This is a pretty low priority, but IMHO it still goes on the "nice to have" list.

Attachments

Activity

People

Assignee:: Aaron Mulder

Reporter:: Aaron Mulder

Votes:: 1 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 02/Nov/04 04:21

Updated:: 02/Nov/06 10:49

Resolved:: 19/Nov/05 13:07