[jira] [Resolved] (SLING-7939) SlingAuthenticator should post an event for login failures

Eric Norman (JIRA) Tue, 18 Sep 2018 18:07:22 -0700


     [ 
https://issues.apache.org/jira/browse/SLING-7939?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Eric Norman resolved SLING-7939.
--------------------------------
    Resolution: Fixed

Fixed at: 
https://github.com/apache/sling-org-apache-sling-auth-core/commit/c81d411a6bbd691e1c9bad6f7581a417eee06ab3

> SlingAuthenticator should post an event for login failures
> ----------------------------------------------------------
>
>                 Key: SLING-7939
>                 URL: https://issues.apache.org/jira/browse/SLING-7939
>             Project: Sling
>          Issue Type: Improvement
>    Affects Versions: Auth Core 1.4.2
>            Reporter: Eric Norman
>            Assignee: Eric Norman
>            Priority: Major
>             Fix For: Auth Core 1.4.4
>
>
> The login failure events would be useful for the implementation of a failed 
> login throttling solution to prevent brute force dictionary attacks against 
> sling to guess user passwords.  An unlimited number of failed logins should 
> not be allowed, but we need some way to gather the information to thwart it.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Resolved] (SLING-7939) SlingAuthenticator should post an event for login failures

Reply via email to