Users able to alter own "Failed Login" value in User/Profile

tridentli / trident

Trident is a trusted and secure communication platform for enabling better communication between groups of trusted parties

https://trident.li

Apache License 2.0

20 stars 9 forks source link

Users able to alter own "Failed Login" value in User/Profile #102

Open stewrg opened 7 years ago

stewrg commented 7 years ago

Users can change the value of Number of failed Login Attempts in their own profile. Not sure this is intentional. It makes it possible to enter a high number - which in turn logs them out of the system. Curious minds create mischief!

Can this be made a 'read only' box?

massar commented 7 years ago

That is correct it seems as we have: pfset:"self,group_admin" pfget:"group_admin"

Indeed, we should only allow 'reset to 0' there.