Re: [jira] [Updated] (OFBIZ-11244) Remove the user login security question

Wed, 14 Sep 2022 09:02:17 -0700 

Hi,

FYI: Following below Infra advice on Slack I had to change the 
https://www.schneier.com/essays/... URL:

Humbedooh17:53 <https://the-asf.slack.com/archives/CBX4TSBQ8/p1663170822890599>
<< @Jacques Le Roux  you triggered the aardvark spam filter with the URL in your ticket. I will suggest using s.apache.org to shorten it for now, and avoid triggering the spam detection. 
we get hit by a lot of spammers trying to sell essay writing and what not, so it's a 
thing that triggers the spam filter>>

Else you get very troubling messages like
<<Your request has been blocked. If you feel this is in error, please let us know at: ab...@infra.apache.org. Be sure to include your IP address so we know what to look for.>> 
<<The Jira server could not be contacted. This may be a temporary glitch or the 
server may be down.>>

HTH

Jacques

Jacques Le Roux updated OFBIZ-11244:
------------------------------------
    Description:
After our discussion in dev ML athttps://markmail.org/message/2dhc4al4adwgvl7z  
we will remove this feature. This [~paulfoxworthy]'s remark is notably 
important:

bq. Security is only as good as its weakest link (https://s.apache.org/xp8da) , 
and security questions can be a real weakness. Any organisation using OFBiz 
that really hates passwords could look at security keys from Yubico or the like.


  was:
After our discussion in dev ML athttps://markmail.org/message/2dhc4al4adwgvl7z  
we will remove this feature. This [~paulfoxworthy]'s remark is notably 
important:

bq. Security is only as good as its weakest link 
(https://www.schneier.com/essays/archives/2005/02/the_curse_of_the_sec.html) , 
and security questions can be a real weakness. Any organisation using OFBiz 
that really hates passwords could look at security keys from Yubico or the like.




Remove the user login security question
---------------------------------------

                 Key: OFBIZ-11244
                 URL:https://issues.apache.org/jira/browse/OFBIZ-11244
             Project: OFBiz
          Issue Type: Improvement
          Components: ecommerce, framework, party
    Affects Versions: Trunk
            Reporter: Jacques Le Roux
            Assignee: Michael Brohl
            Priority: Major
         Attachments: OFBIZ-11244-framework-correction.patch, 
OFBIZ-11244-framework.patch, OFBIZ-11244-plugins.patch


After our discussion in dev ML athttps://markmail.org/message/2dhc4al4adwgvl7z  
we will remove this feature. This [~paulfoxworthy]'s remark is notably 
important:
bq. Security is only as good as its weakest link (https://s.apache.org/xp8da) , 
and security questions can be a real weakness. Any organisation using OFBiz 
that really hates passwords could look at security keys from Yubico or the like.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to