[TYPO3-english] Typo3 BE login security

Pero Matic pero at matic.com
Thu Mar 25 22:02:43 CET 2010


Steffen Müller wrote:
> Hi.
>
> On 25.03.2010 15:36 Tonix (Antonio Nati) wrote:
>> I feel disabling temporarily accounts is a great idea, if it is done
>> in a selective way.
>>
>
> Take IP spoofing into account, mobbing of colleagues, ...
> Blacklisting means much hassle, which can be avoided by good
> passwords. Brute force on strong >12 character password will probably
> always fail, especially with the delay we have on false BE logins.
> IMHO no need for complex blacklisting routines.

Yes, but 12 character strong passwords, i.e. *j8j_2^%!-Jh, are science fiction 
for normal users. Personally, I too hate to enter such crap which I can't 
remember, and I'd hate to force such a hassle on users. I don't see a problem 
in blocking an IP from which 10 or 20 false logins came in one hour or half an 
hour. 
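
The per-IP threshold discussed in this message, sketched as an added example that is not part of the original post and is not TYPO3 code. The class and function names are hypothetical, the events are constructed, and the one-hour block duration is an assumption, since the post does not say how long a block should last.

```python
from collections import defaultdict, deque

class FailedLoginBlocker:
    """Block a source IP after too many failed logins in a sliding window."""

    def __init__(self, max_failures=10, window_seconds=3600, block_seconds=3600):
        self.max_failures = max_failures
        self.window = window_seconds
        self.block = block_seconds           # block duration: an assumption
        self._failures = defaultdict(deque)  # ip -> recent failure timestamps
        self._blocked_until = {}             # ip -> time the block expires

    def is_blocked(self, ip, now):
        until = self._blocked_until.get(ip)
        if until is not None and now >= until:
            del self._blocked_until[ip]      # block has expired
            until = None
        return until is not None

    def record_failure(self, ip, now):
        """Count one failed login; return True if it puts the IP on the block list."""
        recent = self._failures[ip]
        recent.append(now)
        while recent[0] <= now - self.window:  # drop failures older than the window
            recent.popleft()
        if len(recent) >= self.max_failures:
            self._blocked_until[ip] = now + self.block
            recent.clear()
            return True
        return False

def replay(events, **limits):
    """Replay (timestamp, ip, success) events; return the attempts refused as blocked."""
    blocker = FailedLoginBlocker(**limits)
    refused = []
    for ts, ip, success in events:
        if blocker.is_blocked(ip, ts):
            refused.append((ts, ip))         # refused before the password is checked
        elif not success:
            blocker.record_failure(ip, ts)
    return refused

# Constructed sample events (documentation IP ranges), not real log data.
SAMPLE_EVENTS = (
    [(t * 60, "203.0.113.5", False) for t in range(10)]  # 10 failures in 9 minutes
    + [(600, "203.0.113.5", True),    # refused: the IP is blocked
       (610, "198.51.100.7", False),  # a different IP is unaffected
       (650, "198.51.100.7", True),
       (4200, "203.0.113.5", True)]   # allowed: the block has expired
)
```

The block is keyed on the source IP rather than the account, so users behind one shared address are blocked together, while the same account stays reachable from other addresses.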



