https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190
Marcel de Rooy <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] --- Comment #2 from Marcel de Rooy <[email protected]> --- (In reply to Vitor Fernandes from comment #0) > *** Requirement description *** > > The application MUST log successful and unsuccessful authentication > operations. > This is useful, for example, to detect that a user account is being hacked. How extensive is this requirement? Koha already allows you to lock accounts after x failed login attempts. Could this be considered as meeting this requirement already? Testing the lockout feature I also noticed that the counter is being incremented too even if the account has been locked out. So each successful and each unsuccessful authentication triggers a database action. What would be the use of storing date, time and ip address additionally ? -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug. _______________________________________________ Koha-bugs mailing list [email protected] http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
