phpgroupware-tracker

[Phpgroupware-tracker] [bug #5313] "blocked, too many attempts" and site


From: nobody
Subject: [Phpgroupware-tracker] [bug #5313] "blocked, too many attempts" and sitemgr
Date: Thu, 30 Oct 2003 21:35:48 -0500
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3.1) Gecko/20030428

=================== BUG #5313: LATEST MODIFICATIONS ==================
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=5313&group_id=509

Changes by: Chris Weiss <address@hidden>
Date: Thu 10/30/2003 at 20:35 (America/Chicago)

            What     | Removed                   | Added
---------------------------------------------------------------------------
         Assigned to | None                      | skwashd


------------------ Additional Follow-up Comments ----------------------------
assign this to skwashd 'cause it's a security issue and looks to be forgotten.  
I don't know who it should go to otherwise.



=================== BUG #5313: FULL BUG SNAPSHOT ===================


Submitted by: None                    Project: phpGroupWare                 
Submitted on: Mon 09/15/2003 at 10:56
Category:  sitemgr                    Bug Group:  0.9.16RC1                 
Severity:  5 - Major                  Priority:  High                       
Resolution:  None                     Assigned to:  skwashd                 
Status:  Open                         Component Version:  None              
Platform Version:  None               Reproducibility:  Every Time          

Summary:  "blocked, too many attempts" and sitemgr

Original Submission:  came across this on the phpgw site itself.  If someone 
attempts to login to phpgw as the user that sitemgr is using too many times 
with the wrong password it manages to effectively lock out the site forever on a 
busy site.  Nice little DoS bug.  added a hard coded "hack" to prevent the user 
from ever being blocked to get site up again.



would the proper fix be to change login_blocked() to look only for "bad login 
or password" records when checking for # login attempts?  This would still 
cause the user to be blocked, and the site to be down, for 30 minutes, or 
whatever the Admin sets as the "blocked time".  Or even a change to the session 
class to say "sitemgr calling, don't block me"?



Follow-up Comments
*******************

-------------------------------------------------------
Date: Thu 10/30/2003 at 20:35       By: cw
assign this to skwashd 'cause it's a security issue and looks to be forgotten.  
I don't know who it should go to otherwise.

-------------------------------------------------------
Date: Mon 09/15/2003 at 11:29       By: pooh_
Just as a reminder:



This bug is in the same 'area' of interest: bug #5311

-------------------------------------------------------
Date: Mon 09/15/2003 at 10:58       By: cw
whoops, forgot to log in before submitting.. I sent in this one.


CC list is empty


No files currently attached


For detailed info, follow this link:
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=5313&group_id=509

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/
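
Added example (not phpGroupWare code and not part of the original report): a small PHP model of the change the report proposes for login_blocked(), counting only "bad login or password" records. It assumes rejected logins are themselves logged with the "blocked, too many attempts" status and counted; the function names, the account name, the threshold of 3 and the 60-second login interval are hypothetical.

```php
<?php
// Added example: hypothetical model, not phpGroupWare's own login_blocked().
// Log records are [unix_time, login, status]; all values are constructed.
const BAD     = 'bad login or password';
const BLOCKED = 'blocked, too many attempts';

// True if $login is blocked at $now. $countBlocked = true counts every
// failed record (behaviour assumed from the report); false counts only
// "bad login or password" records (the proposed fix).
function login_blocked_model(array $log, string $login, int $now,
    int $maxAttempts, int $blockSecs, bool $countBlocked): bool
{
    $n = 0;
    foreach ($log as [$t, $user, $status]) {
        if ($user !== $login || $t <= $now - $blockSecs) {
            continue; // other account, or older than the block window
        }
        if ($status === BAD || ($countBlocked && $status === BLOCKED)) {
            $n++;
        }
    }
    return $n >= $maxAttempts;
}

// Three wrong passwords at t=0..2, then the site's own account logs in
// with the right password every $interval seconds. Returns the time of
// the first accepted login, or null if none within $horizon.
function first_recovery(bool $countBlocked, int $interval = 60,
    int $horizon = 14400): ?int
{
    $max = 3; $block = 1800; $login = 'site_account'; // 30 min block
    $log = [[0, $login, BAD], [1, $login, BAD], [2, $login, BAD]];
    for ($t = $interval; $t <= $horizon; $t += $interval) {
        if (!login_blocked_model($log, $login, $t, $max, $block, $countBlocked)) {
            return $t;
        }
        $log[] = [$t, $login, BLOCKED]; // the rejected login is logged too
    }
    return null;
}

echo "all records counted:   ";
var_dump(first_recovery(true));
echo "bad-password only:     ";
var_dump(first_recovery(false));
```

With every record counted, the account's own rejected logins keep the count at or above the threshold, so no login is accepted within the simulated four hours. Counting only bad-password records, the block ends once the 30-minute window has passed.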