Project:
| View Issue Details[ Jump to Notes ] | [ Issue History ] [ Print ] | |||||||
| ID | ||||||||
| 0038652 | ||||||||
| Type | Category | Severity | Reproducibility | Date Submitted | Last Update | |||
| feature request | [Openbravo ERP] C. Security | minor | have not tried | 2018-05-29 16:31 | 2018-06-04 09:17 | |||
| Reporter | alostale | View Status | public | |||||
| Assigned To | alostale | |||||||
| Priority | normal | Resolution | fixed | Fixed in Version | 3.0PR18Q3 | |||
| Status | closed | Fix in branch | Fixed in SCM revision | 31ee92fe5dd4 | ||||
| Projection | none | ETA | none | Target Version | ||||
| OS | Any | Database | Any | Java version | ||||
| OS Version | Database version | Ant version | ||||||
| Product Version | SCM revision | |||||||
| Review Assigned To | caristu | |||||||
| Web browser | ||||||||
| Modules | Core | |||||||
| Regression level | ||||||||
| Regression date | ||||||||
| Regression introduced in release | ||||||||
| Regression introduced by commit | ||||||||
| Triggers an Emergency Pack | No | |||||||
| Summary | 0038652: security default: delay response after failed login attempt | |||||||
| Description | In order to mitigate possible brute-force attacks [1], it is possible to configure some delay in the response after failed login attempts. Even this is configurable [2], by default it is disabled. --- [1] https://en.wikipedia.org/wiki/Brute-force_attack [^] [2] http://wiki.openbravo.com/wiki/Openbravo.properties#Log_in_security [^] | |||||||
| Steps To Reproduce | - | |||||||
| Proposed Solution | New instances should have this feature enabled by default with: * 200ms of increment after each consecutive failed login attempt * up to 3 seconds of maximum delay * there will be no user locking by default Existing instance will keep their current configuration | |||||||
| Tags | No tags attached. | |||||||
| Attached Files | ||||||||
 Relationships [ Relation Graph ]
[ Dependency Graph ]
|
||||||||
|
||||||||
 Relationships |
|
Notes |
|
|
(0104799) hgbot (developer) 2018-05-30 09:19 |
Repository: erp/devel/pi Changeset: 31ee92fe5dd441e2ffac6a8ebda8f9a07894478a Author: Asier Lostalé <asier.lostale <at> openbravo.com> Date: Tue May 29 16:36:25 2018 +0200 URL: http://code.openbravo.com/erp/devel/pi/rev/31ee92fe5dd441e2ffac6a8ebda8f9a07894478a [^] fixes 38652: delay response after failed login attempt by default New instances will increse response time in 200ms after each subsequent failed login attempt up to 3 seconds. --- M config/Openbravo.properties.template --- |
|
(0104902) caristu (developer) 2018-06-04 09:17 |
Code reviewed + tested OK. |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2018-05-29 16:31 | alostale | New Issue | |
| 2018-05-29 16:31 | alostale | Assigned To | => alostale |
| 2018-05-29 16:31 | alostale | Modules | => Core |
| 2018-05-29 16:31 | alostale | Triggers an Emergency Pack | => No |
| 2018-05-29 16:31 | alostale | Relationship added | depends on 0038651 |
| 2018-05-29 16:34 | alostale | Proposed Solution updated | |
| 2018-05-30 09:19 | hgbot | Checkin | |
| 2018-05-30 09:19 | hgbot | Note Added: 0104799 | |
| 2018-05-30 09:19 | hgbot | Status | new => resolved |
| 2018-05-30 09:19 | hgbot | Resolution | open => fixed |
| 2018-05-30 09:19 | hgbot | Fixed in SCM revision | => http://code.openbravo.com/erp/devel/pi/rev/31ee92fe5dd441e2ffac6a8ebda8f9a07894478a [^] |
| 2018-06-01 09:34 | alostale | Review Assigned To | => caristu |
| 2018-06-04 09:17 | caristu | Note Added: 0104902 | |
| 2018-06-04 09:17 | caristu | Status | resolved => closed |
| 2018-06-04 09:17 | caristu | Fixed in Version | => 3.0PR18Q3 |
|
Issue History |
| Copyright © 2000 - 2009 MantisBT Group |
 |