RE: Review Request: CS-10219 Add option to set login attempts to portal.

Thu, 20 Sep 2012 02:55:40 -0700 

This was committed and tested last week with commit - 
a56631bc66713faaa99759eb374e11afd6f533d3
Saksham – Please close it

From: saksham srivastava [mailto:[email protected]] On Behalf Of 
saksham srivastava
Sent: Monday, September 10, 2012 3:26 PM
To: Alena Prokharchyk; Nitin Mehta; Devdeep Singh
Cc: Saksham Srivastava; cloudstack
Subject: Re: Review Request: CS-10219 Add option to set login attempts to 
portal.

This is an automatically generated e-mail. To reply, visit: 
https://reviews.apache.org/r/6858/



On September 7th, 2012, 10:29 a.m., Nitin Mehta wrote:
server/src/com/cloud/user/AccountManagerImpl.java<https://reviews.apache.org/r/6858/diff/6/?file=150620#file150620line1876>
 (Diff revision 6)


private UserAccount getUserAccount(String username, String password, Long 
domainId, Map<String, Object[]> requestParameters) {


1876


                            s_logger.warn("User " + acct.getUsername() + " has 
been disabled due to multiple failed login attempts");


Can you suggest him corrective action ? Like contacting him an admin or 
resetting his password. What options does he have.

I think there should be an alert generated to alert the admin that the user got 
locked. Also there should be an option to try infinitely like we have 
today.(may be setting it to -1). Its not fair to ask u to implement it right 
away but please file a bug for this.

On September 7th, 2012, 11:52 a.m., saksham srivastava wrote:

Improved the message, will create a related bug and also update it on Wiki page 
for Login attempts

On September 10th, 2012, 8:05 a.m., Nitin Mehta wrote:

If you dont mind can you please create the bug right away :) and let me know

Created issue : http://bugs.cloudstack.org/browse/CS-16314


- saksham


On September 7th, 2012, 11:46 a.m., saksham srivastava wrote:
Review request for cloudstack, Devdeep Singh, Nitin Mehta, and Alena 
Prokharchyk.
By saksham srivastava.

Updated Sept. 7, 2012, 11:46 a.m.

Description

Added global setting login.attempts.allowed which defines the maximum incorrect 
password attempts allowed.

Also after the maximum attempts are reached the user account is disabled.


Testing

Verified locally.

Bugs: CS-10219
Diffs

 *   core/src/com/cloud/user/UserAccountVO.java (5e7c018)
 *   server/src/com/cloud/configuration/Config.java (ebcd070)
 *   server/src/com/cloud/configuration/ConfigurationManagerImpl.java (f9da08d)
 *   server/src/com/cloud/user/AccountManagerImpl.java (38153f3)
 *   setup/db/create-schema.sql (fa933e3)
 *   setup/db/db/schema-302to40.sql (aaf23e6)

View Diff<https://reviews.apache.org/r/6858/diff/>

Reply via email to