fineract-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Binny Gopinath Sreevas (JIRA)" <j...@apache.org>
Subject [jira] [Created] (FINERACT-136) Security improvements on authentication/passwords
Date Thu, 07 Apr 2016 09:04:25 GMT
Binny Gopinath Sreevas created FINERACT-136:
-----------------------------------------------

             Summary: Security improvements on authentication/passwords
                 Key: FINERACT-136
                 URL: https://issues.apache.org/jira/browse/FINERACT-136
             Project: Apache Fineract
          Issue Type: Improvement
            Reporter: Binny Gopinath Sreevas
            Assignee: Markus Geiss


Make improvements to keep track of authentication attempts and security by doing the following:
a) Logging user logins - whenever any user tries to login (success or failure) below logs
should be stored in the database:
	username/userid
	user agent (Browser, OS, device)
	IP address
	Date/Time
	login success or failure

b) Facility to preventing brute force attacking - system should block the user after n unsuccessful
attempts in a day for m number of days, (n,m are configurable)

c) Configure passwords to expire - for example: after 2 months - Should be possible to set
non-expiring passwords as a policy for the organization.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message