gk1089 opened a new issue #10560: URL: https://github.com/apache/incubator-superset/issues/10560
**Is your feature request related to a problem? Please describe.** In its default state, the Superset login page permits any number of failed login attempts. This has been flagged as a security issue by our sysadmin team, and I agree with them. I have only tested users created in the database and have not tried other authentication methods. **Describe the solution you'd like** The login page should permit, say, 3 incorrect login attempts and should ask the user to try again after a period of time. This time should be customizable from the config file. **Describe alternatives you've considered** I am not sure if this already works for other authentication methods. **Additional context** None. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
