https://bugzilla.wikimedia.org/show_bug.cgi?id=9838

Tyler Romeo <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #8793|0                           |1
        is obsolete|                            |

--- Comment #10 from Tyler Romeo <[email protected]> 2011-07-17 18:21:17 UTC ---
Created attachment 8794
  --> https://bugzilla.wikimedia.org/attachment.cgi?id=8794
Addition of user notification functionality to user login.

Yeah, I really just took the checking for array stuff from the code for
throttling since it seemed to work quite nicely. Anyway, I added the
documentation, added the messages to messages.inc, changed 172800 to 2*24*3600
(the notation used in other parts of DefaultSettings.php), changed all to tabs,
fixed the missing brace, and fixed the mentioned bug by using a third memcached
key that keeps track of the last time a failed password attempt was made.

As for content, I removed the part about reporting the activity to SITENAME,
because really there is nothing the user can do if somebody is making failed
attempts to access their account. The only real action a user can take is to
ensure his or her password is secure and whatnot.

In the case of a botnet attack, there is little that can be done other than
just throttle individual IPs like is done in the current functionality.
Throttling in general is a bad idea because then a botnet attack can be turned
into a DoS attack against the user.

And sending the IP address in the email is not a violation of WMF privacy
policy, primarily because the attacker is not (yet) logged in and thus not
covered under the IP amnesty that registered users receive. Also, the privacy
policy allows for the collection and use of a user's IP address if such use
"may be used to identify the source(s) of the abusive behavior".
