Details
-
Suggestion
-
Resolution: Won't Do
-
None
-
None
-
3
-
Description
NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion.
It has come to our attention that certain companies have the security policy to completely lock an account completely, after a certain number of failed password attempts.
Currently, Confluence allows the user to still login with the correct password after the maximum failed attempts, as long as they enter the correct Captcha.
We need to allow admins the ability to completely lock the account after a number of failed attempts, something like what this query does:
UPDATE cwd_user_attribute c JOIN cwd_user u ON c.user_id = u.id SET c.attribute_value = 'true', c.attribute_lower_value = 'true' WHERE u.user_name = '<username>' AND c.attribute_name = 'requiresPasswordChange';
Where <username> is the user's username.
Attachments
Issue Links
- relates to
-
CONFCLOUD-37575 Option To Lock User Out Permanently After Maximum Failed Password Attempts
- Gathering Interest
- mentioned in
-
Page Loading...