Merge pull request #8079 from open-sausages/pulls/4/docs-login

Personal data usage docs corrections
Robbie Averill 2018-05-21 11:59:37 +12:00 committed by GitHub
commit 7b6f4c0a53
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -44,13 +44,18 @@ SilverStripe will default to using PHP sessions for tracking logged-in users,
which uniquely link users to their device/browser through a session cookie.
If the user chooses the "Remember me" feature on login,
this unique link will persist across sessions.
The default cookie lifetime for this feature is 48h.
See `SilverStripe\Security\Member::$auto_login_token_lifetime` for details.
## Login Attempts
SilverStripe can be configured to record login attempts, in order to lock out users
SilverStripe is configured by default to record login attempts, in order to lock out users
after a defined number of attempts, and hence limit the attack surface of the login process.
This is predicated on tracking the IP address of the attempt, which can be considered personal data.
See `SilverStripe\Security\Security::$login_recording` for details.
IP addresses related to these attempts are stored indefinitely unless manually purged
from the `LoginAttempt` table.
See `SilverStripe\Security\Security::$login_recording` and
`SilverStripe\Security\Security::$lock_out_after_incorrect_logins` for details.
## Logging and Exceptions
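Review bot: The new retention sentence under "Login Attempts" says IP addresses are "stored indefinitely unless manually purged from the `LoginAttempt` table", but it gives no way to act on that. Now that the paragraph says recording is on by default, a reader working through personal data obligations needs to know how to purge the table and how to turn recording off. Please add a sentence saying what `Security::$login_recording` and `Security::$lock_out_after_incorrect_logins` each control, rather than only pointing to them "for details", and describe or link to a purge procedure. A smaller point on the "Remember me" paragraph: "48h" is given without saying what unit `Member::$auto_login_token_lifetime` is expressed in, so it would help to state the unit next to the setting so readers can change it without looking at the source.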