OpenMRS

Search:

Login
Settings
Help/Guide
About Trac
Register

Wiki
Timeline
Roadmap
Browse Source
View Tickets
Search
IRC Logs

Ticket Navigation

Ticket #1486 (closed enhancement: fixed)

Opened 10 months ago

Last modified 8 months ago

Need an option to disable IP-based lockout for failed logins

Reported by:	djazayeri	Assigned to:	bwolfe
Priority:	critical	Milestone:	OpenMRS 1.5
Component:	OpenMRS Code Base	Keywords:
Cc:	bwolfe	Introductory Ticket:	0
Code Review Status:

Description

In our setup at Rwinkwavu Hospital in Rwanda, our OpenMRS server is in the DMZ on the other side of a router. As a result all client machines appear to be on the same IP address. So if someone messes up their password, then *everyone at the hospital* is locked out.

We need a setting to control whether the lock out is by username or by IP address.

I think this should be a global property. Any disagreements?

Rwanda requests that we do this in the sync branch ASAP, because they cannot do any big new user trainings until we have this fixed.

Attachments

configureIpLockouts.patch (8.0 kB) - added by djazayeri on 07/03/09 23:18:49.: This is *not* how I want to implement this anymore

Change History

05/12/09 17:10:38 changed by bwolfe

Sounds fine by me. I think there is already a per-user lockout that just doesn't get reached. Making the ip lockout on/off via a global property sounds fine.

I see no reason you can't write it for sync and port it to trunk (or vice versa).

07/03/09 23:18:49 changed by djazayeri

attachment configureIpLockouts.patch added.

This is *not* how I want to implement this anymore

07/03/09 23:20:27 changed by djazayeri

I've attached a patch that would have worked, but since then I've decided I want to implement it differently (per discussion on devsec list).

07/17/09 20:58:52 changed by bwolfe

I increased the default to 100 for IP accounts in [9196]

07/23/09 15:29:28 changed by bmamlin

milestone changed from OpenMRS 1.4 to OpenMRS 1.5.

07/23/09 19:11:22 changed by bwolfe

owner changed from djazayeri to bwolfe.
status changed from new to assigned.

The [9196] trunk patch was committed to 1.5.x in [9199] and to 1.4.x in [9363].

I'll change this to a global property instead of a permanent setting of 100.

07/23/09 19:45:38 changed by bwolfe

status changed from assigned to closed.
resolution set to fixed.

Made number of attempts configurable in 1.4.x in [9364] (will be in release 1.4.5), in 1.5.x in [9366] and trunk in [9367].

Added global property name to list on http://openmrs.org/wiki/Global_Properties_Descriptions

Download in other formats:

Comma-delimited Text
Tab-delimited Text
RSS Feed

Visit the Trac open source project at
http://trac.edgewall.com/