[#CORE-287] Lockout after failed logins

Security enhancements (CORE-283) [CORE-287] Lockout after failed logins Created: 24/Jan/18 Updated: 25/Apr/18 Resolved: 12/Apr/18
Status:	Resolved
Project:	i2b2 Core Software
Component/s:	CRC Cell, PM Cell
Affects Version/s:	1.7.10
Fix Version/s:	1.7.10

Type:

Sub-Task

Priority:

Major

Reporter:

Janice Donahoe

Assignee:

Janice Donahoe

Resolution:

Done

Votes:

Labels:

wikirelease

Remaining Estimate:

Not Specified

Time Spent:

Not Specified

Original Estimate:

Not Specified

Affects Database/s:

All databases

Testing Notes:

Tested and verified the lockout is working correctly.

Changed the value's of the following parameters to verify they are working correctly.

PM_LOCKED_MAX_COUNT
PM_LOCKED_WAIT_TIME

Participant/s:

Janice Donahoe

Description

*** Part of the security enhancements update ***

Users are locked-out when the defined number of failed attempts have been reached. Once locked, the user must wait a preset period of time. The lockout threshold and wait time are defined by the site administrator.

NEW PARAMETERS

Two new Global Parameters were created as part of the new lockout feature. These parameters must be defined in the PM_GLOBAL_PARAMS table for users to be locked out after the defined number of failed attempts and number of minutes they must wait before attempting to try again.

Parameter Name: PM_LOCKED_MAX_COUNT
Parameter Value: [number of times user can enter the wrong password]
Parameter Data Type: Text

Parameter Name: PM_LOCKED_WAIT_TIME
Parameter Value: [number of minutes user has to wait after being locked out]
Parameter Data Type: Text

NEW ERROR MESSAGE
The following error message will appear to users when they have reached the threshold and have now locked their account.

ERROR: Too many invalid attempts, user locked out

Comments

Comment by Janice Donahoe [ 07/Mar/18 ]

Testing was completed on 2/7/2018.

Tested and verified the lockout is working correctly.

Changed the value's of the following parameters to verify they are working correctly.

PM_LOCKED_MAX_COUNT
PM_LOCKED_WAIT_TIME

Comment by Janice Donahoe [ 12/Apr/18 ]

Tested and verified when the new parameters are defined users will be locked out and required to wait the defined amount of time once they have reached the threshold.

Generated at Mon Apr 14 14:04:49 UTC 2025 using Jira 8.20.11#820011-sha1:0629dd8d260e3954ece49053e565d01dabe11609.

[CORE-287] Lockout after failed logins Created: 24/Jan/18 Updated: 25/Apr/18 Resolved: 12/Apr/18