Security enhancements (CORE-283)

[CORE-287] Lockout after failed logins Created: 24/Jan/18  Updated: 25/Apr/18  Resolved: 12/Apr/18

Status: Resolved
Project: i2b2 Core Software
Component/s: CRC Cell, PM Cell
Affects Version/s: 1.7.10
Fix Version/s: 1.7.10

Type: Sub-Task Priority: Major
Reporter: Janice Donahoe Assignee: Janice Donahoe
Resolution: Done Votes: 0
Labels: wikirelease
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Rank: 0|hzzzyy:
Sprint: v1710.1
Affects Database/s:
All databases
Testing Notes: Tested and verified the lockout is working correctly.

Changed the value's of the following parameters to verify they are working correctly.

PM_LOCKED_MAX_COUNT
PM_LOCKED_WAIT_TIME
Participant/s:

 Description   
*** Part of the security enhancements update ***

Users are locked-out when the defined number of failed attempts have been reached. Once locked, the user must wait a preset period of time. The lockout threshold and wait time are defined by the site administrator.

NEW PARAMETERS

Two new Global Parameters were created as part of the new lockout feature. These parameters must be defined in the PM_GLOBAL_PARAMS table for users to be locked out after the defined number of failed attempts and number of minutes they must wait before attempting to try again.

Parameter Name: PM_LOCKED_MAX_COUNT
Parameter Value: [number of times user can enter the wrong password]
Parameter Data Type: Text

Parameter Name: PM_LOCKED_WAIT_TIME
Parameter Value: [number of minutes user has to wait after being locked out]
Parameter Data Type: Text


NEW ERROR MESSAGE
The following error message will appear to users when they have reached the threshold and have now locked their account.

                                      ERROR: Too many invalid attempts, user locked out


 Comments   
Comment by Janice Donahoe [ 07/Mar/18 ]
Testing was completed on 2/7/2018.

Tested and verified the lockout is working correctly.

Changed the value's of the following parameters to verify they are working correctly.

PM_LOCKED_MAX_COUNT
PM_LOCKED_WAIT_TIME
Comment by Janice Donahoe [ 12/Apr/18 ]
Tested and verified when the new parameters are defined users will be locked out and required to wait the defined amount of time once they have reached the threshold.
Generated at Thu Apr 02 21:47:51 UTC 2020 using JIRA 7.6.3#76005-sha1:8a4e38d34af948780dbf52044e7aafb13a7cae58.