Reminder: Create & find trunk-related issues here. Legacy Trac tickets are still available. Problems? Workflow feedback? Need a module project? Open a support ticket.

OpenMRS Trunk

Need an option to disable IP-based lockout for failed logins

Details

  • Type: New Feature New Feature
  • Status: Closed Closed
  • Priority: Must Must
  • Resolution: Fixed
  • Affects Version/s: None
  • Fix Version/s: OpenMRS 1.5.0
  • Component/s: None
  • Keywords:
  • Description:
    Hide

    In our setup at Rwinkwavu Hospital in Rwanda, our OpenMRS server is in the DMZ on the other side of a router. As a result all client machines appear to be on the same IP address. So if someone messes up their password, then everyone at the hospital is locked out.

    We need a setting to control whether the lock out is by username or by IP address.

    I think this should be a global property. Any disagreements?

    Rwanda requests that we do this in the sync branch ASAP, because they cannot do any big new user trainings until we have this fixed.

    Show
    In our setup at Rwinkwavu Hospital in Rwanda, our OpenMRS server is in the DMZ on the other side of a router. As a result all client machines appear to be on the same IP address. So if someone messes up their password, then everyone at the hospital is locked out. We need a setting to control whether the lock out is by username or by IP address. I think this should be a global property. Any disagreements? Rwanda requests that we do this in the sync branch ASAP, because they cannot do any big new user trainings until we have this fixed.

Attachments

  1. Text File
    configureIpLockouts.patch
    (8 kB)
    Burke Mamlin
    2009-07-03 23:18:49 EDT

Activity

Ascending order - Click to sort in descending order
Hide
Permalink
Ben Wolfe added a comment - 2009-05-12 17:10:38 EDT

Sounds fine by me. I think there is already a per-user lockout that just doesn't get reached. Making the ip lockout on/off via a global property sounds fine.

I see no reason you can't write it for sync and port it to trunk (or vice versa).

Show
Ben Wolfe added a comment - 2009-05-12 17:10:38 EDT Sounds fine by me. I think there is already a per-user lockout that just doesn't get reached. Making the ip lockout on/off via a global property sounds fine. I see no reason you can't write it for sync and port it to trunk (or vice versa).
Hide
Permalink
Darius Jazayeri added a comment - 2009-07-03 23:18:49 EDT

This is not how I want to implement this anymore

Show
Darius Jazayeri added a comment - 2009-07-03 23:18:49 EDT This is not how I want to implement this anymore
Hide
Permalink
Darius Jazayeri added a comment - 2009-07-03 23:20:27 EDT

I've attached a patch that would have worked, but since then I've decided I want to implement it differently (per discussion on devsec list).

Show
Darius Jazayeri added a comment - 2009-07-03 23:20:27 EDT I've attached a patch that would have worked, but since then I've decided I want to implement it differently (per discussion on devsec list).
Hide
Permalink
Ben Wolfe added a comment - 2009-07-17 20:58:52 EDT

I increased the default to 100 for IP accounts in rev:9196

Show
Ben Wolfe added a comment - 2009-07-17 20:58:52 EDT I increased the default to 100 for IP accounts in rev:9196
Hide
Permalink
Ben Wolfe added a comment - 2009-07-23 19:11:22 EDT

The rev:9196 trunk patch was committed to 1.5.x in rev:9199 and to 1.4.x in rev:9363.

I'll change this to a global property instead of a permanent setting of 100.

Show
Ben Wolfe added a comment - 2009-07-23 19:11:22 EDT The rev:9196 trunk patch was committed to 1.5.x in rev:9199 and to 1.4.x in rev:9363. I'll change this to a global property instead of a permanent setting of 100.
Hide
Permalink
Ben Wolfe added a comment - 2009-07-23 19:45:38 EDT

Made number of attempts configurable in 1.4.x in rev:9364 (will be in release 1.4.5), in 1.5.x in rev:9366 and trunk in rev:9367.

Added global property name to list on http://openmrs.org/wiki/Global_Properties_Descriptions

Show
Ben Wolfe added a comment - 2009-07-23 19:45:38 EDT Made number of attempts configurable in 1.4.x in rev:9364 (will be in release 1.4.5), in 1.5.x in rev:9366 and trunk in rev:9367. Added global property name to list on http://openmrs.org/wiki/Global_Properties_Descriptions

People

Dates

  • Created:
    2009-05-12 15:41:09 EDT
    Updated:
    2010-07-08 16:22:00 EDT
    Resolved:
    2010-07-01 22:43:58 EDT
Atlassian JIRA (v4.1.1#522) | Report a problem | Request a feature | Contact administrators
Powered by a free Atlassian JIRA open source license for OpenMRS. Try JIRA - bug tracking software for your team.