View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0001269 | Composr | core | public | 2013-06-07 14:50 | 2017-03-25 13:55 |
| Reporter | Chris Graham | Assigned To | |||
| Severity | Feature-request | ||||
| Status | non-assigned | Resolution | open | ||
| Product Version | |||||
| Fixed in Version | |||||
| Summary | 0001269: Password-sharing prevention | ||||
| Description | Gather details of what systems a user logs in from, and if they log in with something wildly different (e.g. different browser, and country), block it. Give the staff an option to override. | ||||
| Tags | Type: Security | ||||
| Time estimation (hours) | 20 | ||||
| Sponsorship open | |||||
| related to | 0001276 | non-assigned | Show login history | |
| related to | 0003155 | resolved | Patrick Schmalstig | E-mails upon login/change password/change email address |
|
|
There are a couple of ways this feature might serve. 1) Stopping hackers 2) Stopping sharing of access to paid sites For case '1', we'd probably want to allow the user themselves to unlock the new access. For case '2', it is more of a case of the user being given the option to dispute the block, and the staff an ability to grant a login extension. |
|
|
If you last had session activity within a few minutes before, we can detect if the IP address geolocation is more than 50 miles away of that, and then block it. |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2017-03-25 13:54 | Chris Graham | Note Added: 0004898 | |
| 2017-03-25 13:55 | Chris Graham | Relationship added | related to 0003155 |
| 2017-03-25 13:55 | Chris Graham | Relationship added | related to 0001276 |
