fineract-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Binny Gopinath Sreevas (JIRA)" <>
Subject [jira] [Created] (FINERACT-136) Security improvements on authentication/passwords
Date Thu, 07 Apr 2016 09:04:25 GMT
Binny Gopinath Sreevas created FINERACT-136:

             Summary: Security improvements on authentication/passwords
                 Key: FINERACT-136
             Project: Apache Fineract
          Issue Type: Improvement
            Reporter: Binny Gopinath Sreevas
            Assignee: Markus Geiss

Make improvements to keep track of authentication attempts and security by doing the following:
a) Logging user logins - whenever any user tries to login (success or failure) below logs
should be stored in the database:
	user agent (Browser, OS, device)
	IP address
	login success or failure

b) Facility to preventing brute force attacking - system should block the user after n unsuccessful
attempts in a day for m number of days, (n,m are configurable)

c) Configure passwords to expire - for example: after 2 months - Should be possible to set
non-expiring passwords as a policy for the organization.

This message was sent by Atlassian JIRA

View raw message