2021-01-18

[#3474] block login for a given time span after x failed logins
Summary: block login for a given time span after x failed logins
Queue: Kolab
Type: Enhancement
State: Resolved
Priority: 2. Medium
Owners:
Requester: tokoe (at) kde (dot) org
Created: 2006-02-14 (5452 days ago)
Due:
Updated: 2006-02-22 (5444 days ago)
Assigned:
Resolved: 2006-02-22 (5444 days ago)
Milestone:
Patch: No

History
2006-02-22 18:35:06 Jan Schneider Comment #7
State ⇒ Resolved
Committed, thanks.
2006-02-22 18:25:58 Jan Schneider Deleted Original Message
2006-02-22 18:25:48 Jan Schneider Deleted Original Message
2006-02-22 18:25:39 Jan Schneider Deleted Original Message
2006-02-21 12:11:54 tokoe (at) kde (dot) org Comment #6
New Attachment: feature_block_login[3].patch
Hi,
Hi again,

sorry for the noise but I noticed a bug in my previous patch.

Now it checks for an empty history as well.
2006-02-21 11:02:58 tokoe (at) kde (dot) org Comment #5
New Attachment: feature_block_login[2].patch
Hi,

here is the third revision ;)

> A few more comments:
> - The patch to conf.xml is missing

fixed

> - You assign $history_data, but never use it

fixed

> - You loop through $history_log->getData() but overwrite
> $history_list each time inside the loop

using array_shift now

> - You could use getByTimestamp() to get the number of failed logins
> during the configured time span in one go

Too complicated, left the code as it is

> - You never delete the history entries (when you have successful
> logins), which will fill up the history table with every failed login

Only the relevant timestamps are copied into $new_login_history, so
the history will always be around 5 entries, not more.

Ciao,

Tobias
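
The bounded failed-login history discussed in this reply (only timestamps inside the time span are kept, and an empty history never blocks), as an added PHP example that is not the attached patch and does not use Horde's History class. The threshold, the time span, the function names and the choice to clear the history on a successful login are assumptions.

```php
<?php
// Added illustration, not the Horde/Kolab patch; all names and values are assumed.
const MAX_FAILED = 5;    // assumed "x failed logins"
const BLOCK_SPAN = 300;  // assumed time span in seconds

/** Copy only the failure timestamps still inside the time span. */
function pruneFailures(array $failures, int $now): array
{
    $recent = [];
    foreach ($failures as $ts) {
        if ($now - $ts < BLOCK_SPAN) {
            $recent[] = $ts;
        }
    }
    // Cap what is stored: only the newest MAX_FAILED entries can matter.
    return array_slice($recent, -MAX_FAILED);
}

/** Handle one login attempt; returns [result, history to store]. */
function attemptLogin(array $failures, bool $passwordOk, int $now): array
{
    $failures = pruneFailures($failures, $now);  // an empty history stays empty
    if (count($failures) >= MAX_FAILED) {
        return ['blocked', $failures];  // refused even with a correct password
    }
    if ($passwordOk) {
        return ['ok', []];              // assumption: success clears the history
    }
    $failures[] = $now;
    return ['failed', $failures];
}

// Constructed attempts: [unix time, password correct?]
$attempts = [[1000, false], [1010, false], [1020, false], [1030, false],
             [1040, false], [1050, true], [1400, true]];
$history = [];
foreach ($attempts as [$now, $ok]) {
    [$result, $history] = attemptLogin($history, $ok, $now);
    printf("t=%d %-7s stored=%d\n", $now, $result, count($history));
}
```

Attempts made while blocked are not recorded here, so the block ends once the oldest stored failure leaves the time span.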


2006-02-16 13:27:18 Jan Schneider Comment #4
A few more comments:

- The patch to conf.xml is missing

- You assign $history_data, but never use it

- You loop through $history_log->getData() but overwrite $history_list 
each time inside the loop

- You could use getByTimestamp()  to get the number of failed logins 
during the configured time span in one go

- You never delete the history entries (when you have successful 
logins), which will fill up the history table with every failed login
2006-02-16 12:35:01 tokoe (at) kde (dot) org Comment #3
New Attachment: feature_block_login[1].patch
Hi,

thanks for the comments, attached is the new version of this patch.

Ciao,

Tobias
2006-02-14 15:41:34 Jan Schneider Comment #2
State ⇒ Feedback
Since this is a Kolab only feature (for now), please don't create a 
new AUTH_REASON, but use AUTH_REASON_MESSAGE instead.

Also, there are a few coding standards missing: if-clauses always go 
with curly braces; parentheses don't have padding spaces inside.

And maybe you could use the History class instead, that might reduce the code.
2006-02-14 10:33:34 tokoe (at) kde (dot) org Comment #1
Type ⇒ Enhancement
State ⇒ New
Priority ⇒ 2. Medium
Summary ⇒ block login for a given time span after x failed logins
Queue ⇒ Kolab
New Attachment: feature_block_login.patch
Hi,

the attached patch adds support for blocking the login after a given 
number of failed logins. That's very useful to make brute force 
attacks more difficult when your Horde is available to the internet.

Ciao,

Tobias
