Feature Requests item #3018011, was opened at 2010-06-18 14:30
Message generated for change (Tracker Item Submitted) made by badda
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=800590&aid=3018011&group_id=156638

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: None
Group: None
Status: Open
Priority: 5
Private: No
Submitted By: Badda (badda)
Assigned to: Nobody/Anonymous (nobody)
Summary: Lock user after n failed attempts to log in.

Initial Comment:
Currently, passwords can be brute-forced by a remote attacker by trying to log 
in with guessed passwords until success.
This can easily be prevented by introducing a (configurable) limit to the 
failed login attempts. After that, the user cannot log in anymore and a 
phpshell-admin must unlock the user (e.g. by editing a value in the 
config.php file).
This would be my idea for implementing it:
- introduce a new value in the config.php [settings] section: max-login-attemps. Here 
the admin can specify the number of failed login attempts after which the user 
is locked.
- A number is recorded and kept for each user that states the current amount of 
failed logins
- if this number is equal to or larger than max-login-attemps the user cannot log 
in at all
- this number is increased by one after each failed login attempt for this user
- this number is set to zero after a successful login
- after a successful or failed login, the number of failed login attempts will 
be shown to the user

This new feature would greatly increase the security of the script.

----------------------------------------------------------------------
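
The counter logic proposed in the request above, sketched in PHP as an added example; it is not part of the original request and not PHP Shell code. The JSON counter file, the function name attempt_login and the $verify callback are assumptions; max-login-attemps is the setting name the request proposes.

```php
<?php
// Added illustration, not PHP Shell code. The counter file format and all
// function/parameter names are assumptions made for this example.

/**
 * Returns [bool $ok, int $failedAttempts, bool $locked].
 * $verify is a callable(string $user, string $password): bool from the caller.
 * $maxAttempts is the value of the proposed max-login-attemps setting (0 = off).
 */
function attempt_login(string $user, string $password, callable $verify,
                       int $maxAttempts, string $counterFile): array
{
    $fh = fopen($counterFile, 'c+');      // create if missing, never truncate
    if ($fh === false || !flock($fh, LOCK_EX)) {
        throw new RuntimeException('cannot lock counter file');
    }
    try {
        $counts = json_decode(stream_get_contents($fh) ?: '{}', true) ?: [];
        $failed = (int)($counts[$user] ?? 0);

        // A locked user is refused before the password is checked, so a
        // correct guess made after the lockout still does not log in.
        if ($maxAttempts > 0 && $failed >= $maxAttempts) {
            return [false, $failed, true];
        }

        $ok = $verify($user, $password);
        $counts[$user] = $ok ? 0 : $failed + 1;   // reset on success, else +1

        ftruncate($fh, 0);
        rewind($fh);
        fwrite($fh, json_encode($counts));
        fflush($fh);

        $locked = !$ok && $maxAttempts > 0 && $counts[$user] >= $maxAttempts;
        // On success, report the failures recorded before this login.
        return [$ok, $ok ? $failed : $counts[$user], $locked];
    } finally {
        flock($fh, LOCK_UN);              // runs on every return path
        fclose($fh);
    }
}

// Constructed demo: user "alice", password "s3cret", limit of 3 attempts.
$file  = tempnam(sys_get_temp_dir(), 'fails');
$check = fn($u, $p) => $u === 'alice' && hash_equals('s3cret', $p);
foreach (['a', 'b', 'c', 's3cret'] as $guess) {
    [$ok, $n, $locked] = attempt_login('alice', $guess, $check, 3, $file);
    printf("%-7s ok=%d failed=%d locked=%d\n", $guess, $ok, $n, $locked);
}
unlink($file);
```

The exclusive flock around the read-modify-write keeps parallel guesses from racing past the limit. Pass only usernames that exist in the configuration, so that guesses against unknown names cannot grow the counter file.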
