Details
-
Suggestion
-
Resolution: Fixed
-
None
-
EAC
Description
With the new "captcha after x failed logins" system in place, we're seeing lots of accounts getting locked out because people have left things like RSS readers and scripts with RPC connections using old passwords.
It's easy for us to chase these down when people use os_username, but when basic auth is used there is no indication in the apache logs.
Confluence should log the URL and (optionally) the full headers of the connection so that an administrator can compare them to the Apache logs and try to narrow down where the bad logins are coming from.