Details
-
Type: New Feature
-
Status: Closed
-
Priority: Major
-
Resolution: Fixed
-
Affects Version/s: 4.6.0
-
Fix Version/s: 5.1.0-b1
-
Component/s: Client Interface, Staff Interface
-
Labels:None
Description
Add an option to enable a CAPTCHA on client and admin login pages, potentially independently. This should be a setting someplace, not enabled by default. Can use reCAPTCHA, may need to have reCAPTCHA settings as a company setting, and this would be a company setting also.
If the CAPTCHA is not entered correctly, don't do a database lookup at all to verify if the user/pass is legitimate. The CAPTCHA in large part is intended to block automated brute force attacks, that can result in loss of service / overloaded MySQL.
Requires more discussion.