[CORE-287] Lockout after failed logins - i2b2 JIRA

XML

Word

Printable

Details

Type: Sub-Task
Status: Resolved
Priority: Major
Resolution: Done
Affects Version/s: 1.7.10
Fix Version/s: 1.7.10
Component/s: CRC Cell, PM Cell
Labels:
- wikirelease

Affects Database/s:

All databases

Testing Notes:

Hide
Tested and verified the lockout is working correctly.

Changed the value's of the following parameters to verify they are working correctly.

PM_LOCKED_MAX_COUNT
PM_LOCKED_WAIT_TIME

Show
Tested and verified the lockout is working correctly. Changed the value's of the following parameters to verify they are working correctly. PM_LOCKED_MAX_COUNT PM_LOCKED_WAIT_TIME

Description

*** Part of the security enhancements update ***

Users are locked-out when the defined number of failed attempts have been reached. Once locked, the user must wait a preset period of time. The lockout threshold and wait time are defined by the site administrator.

NEW PARAMETERS

Two new Global Parameters were created as part of the new lockout feature. These parameters must be defined in the PM_GLOBAL_PARAMS table for users to be locked out after the defined number of failed attempts and number of minutes they must wait before attempting to try again.

Parameter Name: PM_LOCKED_MAX_COUNT
Parameter Value: [number of times user can enter the wrong password]
Parameter Data Type: Text

Parameter Name: PM_LOCKED_WAIT_TIME
Parameter Value: [number of minutes user has to wait after being locked out]
Parameter Data Type: Text

NEW ERROR MESSAGE
The following error message will appear to users when they have reached the threshold and have now locked their account.

ERROR: Too many invalid attempts, user locked out

Attachments

Activity

People

Assignee:: Janice Donahoe

Reporter:: Janice Donahoe

Participant/s:: Janice Donahoe

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 24/Jan/18 4:57 PM

Updated:: 25/Apr/18 3:17 PM

Resolved:: 12/Apr/18 8:08 PM