Max number of attempts in login form

Author Message

Nathalie Grimaud

Monday 11 September 2006 9:07:16 am

Is there an easy way to set a max number of attempts in login form?

I don't want a user (or a script) to test every possible password.
So I could tell eZ to disable the account after xx attempts.

Maybe you have other ideas about this security issue...

Norman Leutner

Monday 11 September 2006 10:56:04 am

As far as I know there is no standard ez functinality for this.

Mit freundlichen Grüßen
Best regards

Norman Leutner

____________________________________________________________
eZ Publish Platinum Partner - http://www.all2e.com
http://ez.no/partners/worldwide_partners/all2e_gmbh

Łukasz Serwatka

Monday 11 September 2006 11:30:31 am

Hi Nathalie,

I have good news. This feature is implemented in eZ publish 3.9alpha1 (trunk). You may generate patch. Use http://pubsvn.ez.no/nextgen/trunk

More info:
http://pubsvn.ez.no/nextgen/trunk/doc/features/3.9/disabling_accounts_after_a_few_failed_login_attempts.txt

Personal website -> http://serwatka.net
Blog (about eZ Publish) -> http://serwatka.net/blog

Nathalie Grimaud

Monday 11 September 2006 11:42:55 pm

Hi Lukasz,

That's exactly what I expected!

Unfortunately I'm using eZ 3.7.3 and it seems that there are too many features not available in this version and required by my patch (thinking about ezclusterfilehandler for example).

I understand I will have to upgrade to eZ 3.8 first. Am I right ?

Łukasz Serwatka

Monday 11 September 2006 11:54:43 pm

Yes then you need to updgrade to latest 3.8.x. This is well explained in documentation.
http://ez.no/doc/ez_publish/technical_manual/3_8/installation/upgrading/upgrading_from_3_6_x_3_7_x_to_3_8_0

Personal website -> http://serwatka.net
Blog (about eZ Publish) -> http://serwatka.net/blog

Powered by eZ Publish™ CMS Open Source Web Content Management. Copyright © 1999-2014 eZ Systems AS (except where otherwise noted). All rights reserved.