View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0009788 | mantisbt | feature | public | 2008-11-07 16:28 | 2010-04-23 23:23 |
Reporter | llattan | Assigned To | |||
Priority | normal | Severity | feature | Reproducibility | always |
Status | closed | Resolution | won't fix | ||
Platform | all | OS | all | OS Version | all |
Product Version | 1.1.4 | ||||
Summary | 0009788: captcha on login screen | ||||
Description | I would like my mantisbt could be accesible from internet, but I think it could be insecure. Could you add CAPTCHA in login screen to avoid brute-force attacks ? I hope you can help me. Regards. | ||||
Tags | No tags attached. | ||||
related to | 0009789 | acknowledged | password policies and lockout for failed login attempts |
I'm OK with showing it only after a couple of failing attempts. |
|
you can use the config variable $g_max_failed_login_count to set an upper limit to protect against brute-force login attempts there is a "Lost your password" option for users who fail once or twice so I'm closing this as "won't fix", but if the feature is really desired, reopen it |
|