tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 14:05:37 +02:00
Code Issues Projects Releases Wiki Activity

Corrected login data usage docs

Browse Source
This commit is contained in:
Ingo Schommer 2018-05-21 11:33:50 +12:00
parent fa9c95fc5d
commit 5445a0d3fc
1 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
docs/en/02_Developer_Guides/09_Security/06_Personal_Data.md
View File

@ -47,10 +47,13 @@ this unique link will persist across sessions.
## Login Attempts ## Login Attempts
SilverStripe can be configured to record login attempts, in order to lock out users SilverStripe is configured by default to record login attempts, in order to lock out users
after a defined number of attempts, and hence limit the attack surface of the login process. after a defined number of attempts, and hence limit the attack surface of the login process.
This is predicated on tracking the IP address of the attempt, which can be considered personal data. This is predicated on tracking the IP address of the attempt, which can be considered personal data.
See `SilverStripe\Security\Security::$login_recording` for details. IP addresses related to these attempts are stored indefinitely unless manually purged
from the `LoginAttempt` table.
See `SilverStripe\Security\Security::$login_recording` and
`SilverStripe\Security\Security::$lock_out_after_incorrect_logins` for details.
## Logging and Exceptions ## Logging and Exceptions