You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@sling.apache.org by "Carsten Ziegeler (JIRA)" <ji...@apache.org> on 2019/06/18 15:49:00 UTC

[jira] [Closed] (SLING-7939) SlingAuthenticator should post an event for login failures

     [ https://issues.apache.org/jira/browse/SLING-7939?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Carsten Ziegeler closed SLING-7939.
-----------------------------------

> SlingAuthenticator should post an event for login failures
> ----------------------------------------------------------
>
>                 Key: SLING-7939
>                 URL: https://issues.apache.org/jira/browse/SLING-7939
>             Project: Sling
>          Issue Type: Improvement
>    Affects Versions: Auth Core 1.4.2
>            Reporter: Eric Norman
>            Assignee: Eric Norman
>            Priority: Major
>             Fix For: Auth Core 1.4.4
>
>
> The login failure events would be useful for the implementation of a failed login throttling solution to prevent brute force dictionary attacks against sling to guess user passwords.  An unlimited number of failed logins should not be allowed, but we need some way to gather the information to thwart it.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)