Project

General

Profile

Actions

Feature #3096

open

Lock accounts after X failed attempts

Added by Ben Blier over 15 years ago. Updated about 1 year ago.

Status:
New
Priority:
High
Assignee:
-
Category:
Accounts / authentication
Target version:
-
Start date:
2009-04-01
Due date:
% Done:

50%

Estimated time:
Resolution:

Description

I believe Redmine should have the functionality available to put accounts in to a locked state after so many failed login attempts. The number of failed attempts should be configurable via the Administration panel. Notification to an administrator e-mail address that the account was locked is desired as well.

I am surprised this feature has not made it in to Redmine yet. Could this be something that makes it in to a 0.9 release? I plan on exposing my Redmine instance to more than just internal folk within the next 6mo-1yr. I do not want to give any external entity the ability to brute force my password.


Files

login_attempts.diff (12.9 KB) login_attempts.diff probably buggy patch Alexander J. Murmann, 2009-04-13 05:25
login_attempts.diff (13.8 KB) login_attempts.diff Alexander J. Murmann, 2009-04-27 04:26
login_attempts_v2.patch (16.1 KB) login_attempts_v2.patch Mizuki ISHIKAWA, 2023-08-28 04:56

Related issues

Related to Redmine - Feature #3155: Password policy and secure logon procedureNew2009-04-10

Actions
Actions

Also available in: Atom PDF