I should clarify, for those who may not remember -
If you enable reCAPTCHA and logging, this is not really a security
concern.
Thanks again,
Shannon
On 12.01.2012 02:27, Clément OUDOT wrote:
2012/1/12 Shannon <[email protected]>:
I think I may be missing something, but in AD mode which means you
have to define a manager to change the password - I think that means
you can endlessly try to change someones password.
So, from a hacking point, if I can get to the web page, I can try to
change a users password without ever locking out permanently.
Is there a setting I can invoke to only allow a limited number of
attempts or can we force a lockout (without reset) on a user in
manager mode? Or better yet - do we see support for the user to
make
the change coming or is that a design issue in AD?
The design issue is from PHP LDAP (and a little from AD). I have no
solution yet.
Clément.
_______________________________________________
ltb-users mailing list
[email protected]
http://lists.ltb-project.org/listinfo/ltb-users
