0009788: captcha on login screen - MantisBT - Signup temporarily disabled due to spam

ID	Project	Category	View Status	Date Submitted	Last Update

0009788	mantisbt	feature	public	2008-11-07 16:28	2010-04-23 23:23

Reporter	llattan	Assigned To
Priority	normal	Severity	feature	Reproducibility	always
Status	closed	Resolution	won't fix
Platform	all	OS	all	OS Version	all
Product Version	1.1.4

Summary	0009788: captcha on login screen
Description	I would like my mantisbt could be accesible from internet, but I think it could be insecure. Could you add CAPTCHA in login screen to avoid brute-force attacks ? (if the user fails the password once or twice) I hope you can help me. Regards. Leandro.
Tags	No tags attached.

vboctor 2008-11-07 17:58 manager ~0019808	I'm OK with showing it only after a couple of failing attempts.

rolfkleef 2010-01-27 07:09 reporter ~0024260	you can use the config variable $g_max_failed_login_count to set an upper limit to protect against brute-force login attempts there is a "Lost your password" option for users who fail once or twice so I'm closing this as "won't fix", but if the feature is really desired, reopen it