[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Phpgroupware-tracker] [bug #5313] "blocked, too many attempts" and site
From: |
nobody |
Subject: |
[Phpgroupware-tracker] [bug #5313] "blocked, too many attempts" and sitemgr |
Date: |
Mon, 15 Sep 2003 11:56:15 -0400 |
User-agent: |
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3.1) Gecko/20030514 Debian/1.3.1.x.1-2 |
=================== BUG #5313: FULL BUG SNAPSHOT ===================
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=5313&group_id=509
Submitted by: None Project: phpGroupWare
Submitted on: Mon 09/15/03 at 11:56
Category: sitemgr Bug Group: 0.9.16RC1
Severity: 5 - Major Priority: None
Resolution: None Assigned to: None
Status: Open Component Version: None
Platform Version: None Reproducibility: None
Summary: "blocked, too many attempts" and sitemgr
Original Submission: came across this on the phpgw site itself. If someone
attampts to login to phpgw as teh user that sitemrg is using too many times
with the wrong password it manages to efficively lock out the site forever on a
busy site. Nice little DoS bug. added a hard coded "hack" to prevent the user
from ever being blocked to get site up again.
would the proper fix be to change login_blocked() to look only for "bad login
or password" records when checking for # login attempts? This would still
cause the user to be blocked, and the site to be down, for 30 minutes, or
whatever the Admin sets as the "blocked time". Or even a change to the session
class to say "sitemgr calling, don't block me"?
No Followups Have Been Posted
CC list is empty
No files currently attached
For detailed info, follow this link:
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=5313&group_id=509
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
- [Phpgroupware-tracker] [bug #5313] "blocked, too many attempts" and sitemgr,
nobody <=