| Author |
|
peopleinside
Newbie
Joined: 06 November 2013
Location: Italy
Online Status: Offline
Posts: 4
|
| Posted: 10 April 2014 at 6:29am | IP Logged
|
|
|
Some think and suggestion:
1.
Hi,
for now i see by default the remeber me (accedi automaticamente - remeber login) is checked, this is not very nice for security. Maybe in the Admin panel Admin can decide if leave this checked by default or not.
2.
If someone try to guess the email password there are a login limit after time user ip will be unable to login for 30 minutes example or now they can be infinite tentative to log in? Maybe this can be improved?
|
| Back to Top |
|
| |
Igor
AfterLogic Support
Joined: 24 June 2008
Location: United States
Online Status: Offline
Posts: 6104
|
| Posted: 10 April 2014 at 6:40am | IP Logged
|
|
|
Thank you for your feedback.
Quote:
| for now i see by default the remeber me (accedi automaticamente - remeber login) is checked, this is not very nice for security. Maybe in the Admin panel Admin can decide if leave this checked by default or not. |
|
|
That's configurable, you can set LoginSignMeType to DefaultOff in data/settings/settings.xml file. This option is mentioned along with related ones at this documentation page.
Quote:
| If someone try to guess the email password there are a login limit after time user ip will be unable to login for 30 minutes example or now they can be infinite tentative to log in? Maybe this can be improved? |
|
|
Good point, and we've recently published a plugin which enables displaying CAPTCHA on login screen. You can configure that plugin to show up after 3 failed login attempts.
Hope this helps!
--
Regards,
Igor, AfterLogic Support
|
| Back to Top |
|
| |
MailBee.NET Objects 
MailBee.NET Queue 
MailBee Objects 
WebMail Pro PHP 
AfterLogic Aurora 
MailSuite Pro for Linux 
Unified Messaging Solution 
Search
Register
Login
Topic: Security on WebMail Lite
Privacy policy |
Refund policy