[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Proposal for tracking logins
- Subject: Proposal for tracking logins
- From: Pongrácz István <..hidden..>
- Date: Thu, 25 Sep 2014 09:20:51 +0200
Hi,
As I wrote my previous email, regarding audit trail, I also checked the login process in the DB.
I think, recording the login processes would be useful (security).
At this moment there are some tables, regarding users and sessions, but login information did not save.
My proposal:
- Keep a log about successful and unsuccessful login attempts to a new table, including login name, timestamp, IP address, successful/unsuccessful flag
- If a company also probed (not valid), it should be registered in a system wide table.
- It would be handy to send out an email (option) or send an xmpp message to the user about the login attempt.
- Above a limit, like 5 unsuccessful login attempts, an alert could be sent to the system admin.
- Supporting 2 factors login, like using a one time password sent by email or sms after a successful login. A plugin-like system can be ok, where the end user can develop his preferred method, for example how to send the sms. One time password could provided by the system.
Any more idea?
Thanks,
István
------------------------------------------------------------------------------
Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer
Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports
Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper
Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer
http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk
_______________________________________________
Ledger-smb-devel mailing list
..hidden..
https://lists.sourceforge.net/lists/listinfo/ledger-smb-devel