Hi,
As I wrote in my previous email regarding the audit trail, I also checked the
login process in the DB.
I think recording the login processes would be useful (security).
At this moment there are some tables regarding users and sessions, but login
information is not saved.
My proposal:
Keep a log of successful and unsuccessful login attempts in a new table,
including login name, timestamp, IP address, successful/unsuccessful flag.
If a company is also probed (not valid), it should be registered in a
system-wide table.
It would be handy to send out an email (option) or send an xmpp message to the
user about the login attempt.
Above a limit, like 5 unsuccessful login attempts, an alert could be sent to
the system admin.
Supporting 2-factor login, like using a one-time password sent by email or SMS
after a successful login. A plugin-like system can be ok, where the end user
can develop his preferred method, for example how to send the SMS. The one-time
password could be provided by the system.
Any more ideas?
Thanks,
István
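
The logging and alert threshold proposed above, as an added sketch that is not part of the original email or of LedgerSMB's code. The table and column names, the 15-minute window and the reset-on-success rule are assumptions; SQLite is used only so the sketch runs stand-alone.

```python
import sqlite3
from datetime import datetime, timedelta

FAILED_LIMIT = 5                 # "like 5 unsuccessful login attempts"
WINDOW = timedelta(minutes=15)   # assumption: the proposal names no time window

# Table and column names are hypothetical. Epoch seconds stand in for a
# native timestamp column.
SCHEMA = """
CREATE TABLE login_attempt (
    login_name   TEXT NOT NULL,
    attempted_at REAL NOT NULL,
    ip_address   TEXT NOT NULL,
    success      INTEGER NOT NULL CHECK (success IN (0, 1))
);
CREATE INDEX login_attempt_idx ON login_attempt (login_name, attempted_at);
CREATE TABLE invalid_company_probe (   -- system-wide: company was not valid
    company      TEXT NOT NULL,
    login_name   TEXT NOT NULL,
    attempted_at REAL NOT NULL,
    ip_address   TEXT NOT NULL
);
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def record_probe(db, company, login_name, ip, now):
    """Log an attempt against a company that is not valid."""
    db.execute("INSERT INTO invalid_company_probe VALUES (?, ?, ?, ?)",
               (company, login_name, now.timestamp(), ip))

def record_attempt(db, login_name, ip, success, now):
    """Log one attempt; return True when the admin alert should be sent."""
    db.execute("INSERT INTO login_attempt VALUES (?, ?, ?, ?)",
               (login_name, now.timestamp(), ip, int(success)))
    if success:
        return False
    # Count failures inside the window that came after the last success,
    # so a legitimate login resets the counter (assumed policy).
    (failures,) = db.execute(
        """SELECT COUNT(*) FROM login_attempt
           WHERE login_name = :n AND success = 0 AND attempted_at > :since
             AND attempted_at > COALESCE(
                 (SELECT MAX(attempted_at) FROM login_attempt
                  WHERE login_name = :n AND success = 1), 0)""",
        {"n": login_name, "since": (now - WINDOW).timestamp()}).fetchone()
    return failures >= FAILED_LIMIT
```

Failed-login rows can contain passwords typed into the login field by mistake, so read access to such a table should be restricted like other audit data.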
_______________________________________________
Ledger-smb-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/ledger-smb-devel