[SECURITY] Add hook to implement login protection methods 23/40823/2
author Nicole Cordes <typo3@cordes.co>
Wed, 17 Jun 2015 13:39:41 +0000 (15:39 +0200)
committer Benjamin Mack <benni@typo3.org>
Wed, 1 Jul 2015 14:23:08 +0000 (16:23 +0200)
commit 0f3fb37674688aba5a44ca6f5df7f8a327a5b5f6
tree e094778d29d63dab84bf1cc52eb70399d4b6a17f
parent 2973b5746998c22d59e43594670f1e61670924de
[SECURITY] Add hook to implement login protection methods

Currently only the backend login is protected with an implemented sleep
time after login failure. This patch adds a new hook which can be used
to implement a protection functionality (e.g. for detecting brute force)
and moves the sleep time as default protection in the abstract user
authentication class.

Resolves: #59231
Releases: master, 6.2
Security-Bulletin: TYPO3-CORE-SA-2015-006
Change-Id: Idd105d07e016dbbb901c04ae6e1ff4f46b92ac49
Reviewed-on: http://review.typo3.org/40823
Reviewed-by: Helmut Hummel <helmut.hummel@typo3.org>
Tested-by: Helmut Hummel <helmut.hummel@typo3.org>
Reviewed-by: Benjamin Mack <benni@typo3.org>
Tested-by: Benjamin Mack <benni@typo3.org>
typo3/sysext/backend/Classes/Controller/LoginController.php
typo3/sysext/core/Classes/Authentication/AbstractUserAuthentication.php
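
The commit message above describes a hook for login-failure protection such as brute-force detection, with a sleep as the default. The following is an added example, not code from this commit or from TYPO3: a sliding-window failure counter in PHP 7+ of the kind a handler on such a hook could call. The class name, thresholds, in-memory store and sample events are assumptions; the hook's registration key and callback signature are not shown on this page, so they are left out.

```php
<?php
// Added example, not TYPO3 code: class name, thresholds and the in-memory
// store are assumptions. A real handler would persist state (DB or cache).
final class LoginFailureThrottle
{
    private $failures = [], $lockedUntil = []; // key => timestamps / lock expiry
    private $maxFailures, $windowSeconds, $lockSeconds;

    public function __construct(int $maxFailures, int $windowSeconds, int $lockSeconds)
    {
        $this->maxFailures = $maxFailures;
        $this->windowSeconds = $windowSeconds;
        $this->lockSeconds = $lockSeconds;
    }

    // Keyed on address + account: keying on the account alone would let
    // anyone lock out a known user by failing logins on purpose.
    private function key(string $ip, string $username): string
    {
        return $ip . '|' . strtolower($username);
    }

    // Record one failed login; returns true if the source is now locked.
    public function recordFailure(string $ip, string $username, int $now): bool
    {
        $key = $this->key($ip, $username);
        $cutoff = $now - $this->windowSeconds;
        // Drop failures that fell out of the sliding window, then add this one.
        $recent = array_values(array_filter($this->failures[$key] ?? [],
            function (int $t) use ($cutoff): bool { return $t > $cutoff; }));
        $recent[] = $now;
        $this->failures[$key] = $recent;
        if (count($recent) >= $this->maxFailures) {
            $this->lockedUntil[$key] = $now + $this->lockSeconds;
        }
        return $this->isLocked($ip, $username, $now);
    }

    public function isLocked(string $ip, string $username, int $now): bool
    {
        return ($this->lockedUntil[$this->key($ip, $username)] ?? 0) > $now;
    }
}

// Constructed sample: six failures, 10 s apart, from a documentation address.
$throttle = new LoginFailureThrottle(5, 300, 900);
for ($i = 0; $i < 6; $i++) {
    $locked = $throttle->recordFailure('192.0.2.10', 'admin', 1435760000 + 10 * $i);
    printf("failure %d locked=%s\n", $i + 1, $locked ? 'yes' : 'no');
}
```

A handler would call `isLocked()` before credentials are checked and `recordFailure()` from the failure path, so a locked source is rejected without another password comparison.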