Posted to notifications@superset.apache.org by GitBox <gi...@apache.org> on 2020/08/10 09:17:51 UTC

[GitHub] [incubator-superset] gk1089 opened a new issue #10560: Restrict number of failed login attempts

gk1089 opened a new issue #10560:
URL: https://github.com/apache/incubator-superset/issues/10560


   **Is your feature request related to a problem? Please describe.**
   In its default state, the Superset login page permits any number of failed login attempts. This has been flagged as a security issue by our sysadmin team, and I agree with them. I have only tested users created in the database and have not tried other authentication methods.
   
   **Describe the solution you'd like**
   The login page should permit, say, 3 incorrect login attempts and should ask the user to try again after a period of time. This time should be customizable from the config file.
   
   **Describe alternatives you've considered**
   I am not sure if this already works for other authentication methods.
   
   **Additional context**
   None.
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org


[GitHub] [incubator-superset] JunlinC commented on issue #10560: Restrict number of failed login attempts

Posted by GitBox <gi...@apache.org>.
JunlinC commented on issue #10560:
URL: https://github.com/apache/incubator-superset/issues/10560#issuecomment-673762447


   🏷 security




[GitHub] [incubator-superset] stale[bot] commented on issue #10560: Restrict number of failed login attempts

Posted by GitBox <gi...@apache.org>.
stale[bot] commented on issue #10560:
URL: https://github.com/apache/incubator-superset/issues/10560#issuecomment-751276438


   This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. For admin, please label this issue `.pinned` to prevent stale bot from closing the issue.
   




[GitHub] [incubator-superset] nytai commented on issue #10560: Restrict number of failed login attempts

Posted by GitBox <gi...@apache.org>.
nytai commented on issue #10560:
URL: https://github.com/apache/incubator-superset/issues/10560#issuecomment-714221343


   This issue is probably better suited for https://github.com/dpgaspar/Flask-AppBuilder. You could also implement your own custom security manager and override the login method; there should be info on how to do this in the flask_appbuilder docs.


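
The lockout behaviour requested in this issue (a fixed number of failed attempts, then a configurable wait), as an added example that is not Superset or Flask-AppBuilder code. `LoginThrottle`, `attempt`, `verify` and the 300-second default are hypothetical; state is held in process memory, so a multi-worker deployment would need a shared store instead.

```python
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Tuple


@dataclass
class LoginThrottle:
    """Per-username failed-login limiter (hypothetical helper, not a Superset API)."""
    max_attempts: int = 3              # the "say, 3" from the issue
    lockout_seconds: float = 300.0     # assumed default; would be read from config
    clock: Callable[[], float] = time.monotonic
    # lowercased username -> (failure count, locked-until time or None)
    state: Dict[str, Tuple[int, Optional[float]]] = field(default_factory=dict)

    def retry_after(self, username: str) -> float:
        """Seconds until this username may try again; 0.0 when not locked."""
        _, locked_until = self.state.get(username.lower(), (0, None))
        return 0.0 if locked_until is None else max(0.0, locked_until - self.clock())

    def attempt(self, username: str, password: str,
                verify: Callable[[str, str], bool]) -> Tuple[bool, float]:
        """Return (authenticated, retry_after). `verify` is the real password check."""
        key = username.lower()         # "Alice" and "alice" share one counter
        wait = self.retry_after(username)
        if wait > 0:
            return False, wait         # locked: refuse without running verify at all
        count, locked_until = self.state.get(key, (0, None))
        if locked_until is not None:   # an earlier lockout has expired: start fresh
            count = 0
        if verify(username, password):
            self.state.pop(key, None)  # success clears the failure history
            return True, 0.0
        # Unknown usernames are counted too, so the response does not reveal
        # whether an account exists.
        count += 1
        if count >= self.max_attempts:
            self.state[key] = (count, self.clock() + self.lockout_seconds)
            return False, float(self.lockout_seconds)
        self.state[key] = (count, None)
        return False, 0.0


if __name__ == "__main__":
    # Constructed credentials, for illustration only.
    check = lambda u, p: (u, p) == ("alice", "s3cret")
    throttle = LoginThrottle(max_attempts=3, lockout_seconds=60)
    for pw in ("a", "b", "c", "s3cret"):
        print(pw, throttle.attempt("alice", pw, check))
```

Keying only on the username means anyone who knows an account name can keep it locked, so a deployment may want to pair this with per-source-address limits.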


[GitHub] [incubator-superset] issue-label-bot[bot] commented on issue #10560: Restrict number of failed login attempts

Posted by GitBox <gi...@apache.org>.
issue-label-bot[bot] commented on issue #10560:
URL: https://github.com/apache/incubator-superset/issues/10560#issuecomment-671248607


   Issue-Label Bot is automatically applying the label `#enhancement` to this issue, with a confidence of 0.81. Please mark this comment with :thumbsup: or :thumbsdown: to give our bot feedback! 
   
    Links: [app homepage](https://github.com/marketplace/issue-label-bot), [dashboard](https://mlbot.net/data/apache/incubator-superset) and [code](https://github.com/hamelsmu/MLapp) for this bot.




[GitHub] [incubator-superset] stale[bot] commented on issue #10560: Restrict number of failed login attempts

Posted by GitBox <gi...@apache.org>.
stale[bot] commented on issue #10560:
URL: https://github.com/apache/incubator-superset/issues/10560#issuecomment-714210533


   This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. For admin, please label this issue `.pinned` to prevent stale bot from closing the issue.
   

