[ 
http://jira.magnolia-cms.com/browse/MAGNOLIA-3557?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Grégory Joseph reopened MAGNOLIA-3557:
--------------------------------------


Please extract the task to an independent class rather than assemble so many of 
them. Will make the MVH easier to read, and the task itself too. If you need 
several "ifs" and "set or create", you're often better off implementing your 
own {{Task}} rather than doing this (so you can simply work on the node 
directly rather than describe delegate tasks). This will also help avoid 
redundancy in task descriptions, path and property names. And ultimately, it 
should also help make your task easier to test.

> Implement automatic account lockout after a number of failed log-ins
> --------------------------------------------------------------------
>
>                 Key: MAGNOLIA-3557
>                 URL: http://jira.magnolia-cms.com/browse/MAGNOLIA-3557
>             Project: Magnolia
>          Issue Type: New Feature
>          Components: core
>            Reporter: Daniel Lipp
>            Assignee: Ondřej Chytil
>            Priority: Major
>             Fix For: 4.4.3
>
>
> There currently is no automatic logout, and since one can use the URL to 
> provide log-in parameters, this could be used to force-guess passwords.
> Details (copied from Security Report):
> Severity:     High
> Test Type:    Application
> Vulnerable URL: http://ccd02-01:8080/magnoliaPublic/.magnolia/pages/adminCentral.html (Parameter = mgnlUserPSWD)
> Remediation Tasks: Enforce account lockout after several failed login attempts

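
The remediation named in the report (lockout after a number of failed log-ins), as an added example that is not part of the original message and is not Magnolia's code. The class name `LoginLockout`, its parameters, the in-memory map and the sample credentials are assumptions made for illustration.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.BiPredicate;

/** Hypothetical lockout guard; names are illustrative, not Magnolia API. */
public class LoginLockout {
    private static final class State { int failures; Instant lockedUntil = Instant.MIN; }
    private final int maxFailures;
    private final Duration lockTime;
    private final Map<String, State> accounts = new ConcurrentHashMap<>();

    public LoginLockout(int maxFailures, Duration lockTime) {
        this.maxFailures = maxFailures;
        this.lockTime = lockTime;
    }

    /** Returns true only if the account is not locked and the password check passes. */
    public boolean attempt(String user, String password,
                           BiPredicate<String, String> passwordCheck, Instant now) {
        State s = accounts.computeIfAbsent(user, u -> new State());
        synchronized (s) {
            // Check the lock first: a locked account rejects even the correct
            // password, so guessing cannot continue during the lockout.
            if (now.isBefore(s.lockedUntil)) return false;
            if (passwordCheck.test(user, password)) {
                s.failures = 0;               // success clears the counter
                return true;
            }
            if (++s.failures >= maxFailures) {
                s.lockedUntil = now.plus(lockTime);
                s.failures = 0;               // fresh count once the lock expires
            }
            return false;
        }
    }

    public static void main(String[] args) {
        // Constructed sample: one account, limit of 3 failures, 15-minute lock.
        LoginLockout guard = new LoginLockout(3, Duration.ofMinutes(15));
        BiPredicate<String, String> check = (u, p) -> u.equals("editor") && p.equals("correct-horse");
        Instant t = Instant.parse("2011-03-01T10:00:00Z");
        for (int i = 1; i <= 3; i++) {
            System.out.println("guess " + i + ": " + guard.attempt("editor", "guess" + i, check, t));
        }
        System.out.println("locked: " + guard.attempt("editor", "correct-horse", check, t.plusSeconds(60)));
        System.out.println("after:  " + guard.attempt("editor", "correct-horse", check, t.plus(Duration.ofMinutes(16))));
    }
}
```

The map here also creates an entry for every user name submitted, so a persistent implementation would keep the counter on existing user records only.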