Feature request: Parse User Account lockout policy setting #2508
Comments
@cherukumilli That seems like an interesting feature! But that may require an update of the client SDKs too, to support the new errors.
@flovilmart Would you guys accept a multi-phased change? In phase 2, update the JS SDK and Android SDK with new error codes.
@flovilmart
As long as we're still on an 'opt-in' basis, that would be fine. You could introduce another error code, and let people know the meaning of that error in the docs :)
Closing this feature request as the PR #2601 has been merged into the master and released as part of release 2.2.19 (https://github.com/ParsePlatform/parse-server/releases/tag/2.2.19).
@flovilmart @drew-gross
Currently parse-server does not have a way to lock accounts after failed login attempts.
Would you be interested in taking a PR to allow developers the ability to set an account lockout policy?
Account lockout policy at a high level:
Someone who attempts to use more than a few unsuccessful passwords while trying to log on to your system might be a malicious user who is attempting to determine an account password by trial and error.
Update parse-server to track logon attempts and respond to this type of potential attack by disabling the account for a preset period of time.
This setting will have 2 parameters:
Account lockout duration
The Account lockout duration policy setting determines the number of minutes that a locked-out account remains locked out before automatically becoming unlocked. The available range is from 1 through 99,999 minutes.
Account lockout threshold
The Account lockout threshold policy setting determines the number of failed sign-in attempts that will cause a user account to be locked. You can set a value from 1 through 999 failed sign-in attempts.
References
The above template was based on: https://technet.microsoft.com/en-us/library/hh994563(v=ws.11).aspx