This page last changed on Apr 28, 2010 by edawson.

This page explains how to configure or disable FishEye's brute force login protection.

FishEye will protect against brute force login attacks by forcing users to solve a CAPTCHA form after a configurable number of consecutive invalid login attempts. By default, this functionality is enabled, and the number of invalid attempts is set to three.

Once a user logs in successfully, they will no longer be required to solve the CAPTCHA form.

Configuring brute force login protection

To configure brute force login protection:

  1. Open the FishEye Admin screen and click Security on the left-hand navigation bar. The 'Authentication Settings' screen opens.
  2. Scroll down to the 'Security Settings' section at the bottom of the screen.
  3. The option 'Use CAPTCHA' is displayed. You can select the following options:
  • Never.
  • After N login attempts (the default number of allowed attempts is three).
    Select the desired option (where 'N' is the number of attempts), and click 'Apply'. The changes will be made immediately.

Screenshot: Brute Force Login Protection Settings

Brute force protection against remote API calls

Login requests made through the FishEye remote API libraries are also covered by the brute force protection. Once the number of invalid attempts is exceeded (the default is three), the remote API is prevented from making further login attempts for that user, because that user is now required to solve a CAPTCHA form through the web interface in order to log in.
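
The following is an added example, not FishEye code: a simplified Python model of the behaviour described on this page, showing how the web and remote API channels interact once the limit is hit. The class, method and result names are hypothetical. It assumes the CAPTCHA is demanded once the count of consecutive invalid attempts reaches N and that the password is not evaluated until the CAPTCHA is solved.

```python
from collections import defaultdict

class LoginThrottle:
    """Simplified model of the protection described above (not FishEye code)."""

    def __init__(self, max_attempts=3):
        # max_attempts=None models the 'Never' option (protection disabled).
        self.max_attempts = max_attempts
        self.failures = defaultdict(int)  # user -> consecutive invalid attempts

    def captcha_required(self, user):
        # Assumption: the CAPTCHA is demanded once the count reaches N.
        return (self.max_attempts is not None
                and self.failures[user] >= self.max_attempts)

    def login(self, user, password_ok, channel="web", captcha_solved=False):
        """Return 'ok', 'invalid', 'captcha_required' or 'api_blocked'."""
        if self.captcha_required(user):
            if channel == "api":
                return "api_blocked"       # the remote API cannot solve a CAPTCHA
            if not captcha_solved:
                return "captcha_required"  # assumption: password not evaluated yet
        if password_ok:
            self.failures.pop(user, None)  # a successful login clears the requirement
            return "ok"
        self.failures[user] += 1           # counters are kept per user
        return "invalid"

def replay(throttle, events):
    """Feed (user, password_ok, channel, captcha_solved) tuples through the model."""
    return [throttle.login(*event) for event in events]

# Constructed sample: an API client with a stale password, then the user recovers.
SAMPLE = [
    ("alice", False, "api", False),  # invalid attempt 1
    ("alice", False, "api", False),  # invalid attempt 2
    ("alice", False, "api", False),  # invalid attempt 3: limit reached
    ("alice", True,  "api", False),  # correct password, but API is now blocked
    ("alice", True,  "web", False),  # web login must solve the CAPTCHA first
    ("alice", True,  "web", True),   # CAPTCHA solved and password valid: reset
    ("alice", True,  "api", False),  # API login works again
    ("bob",   False, "web", False),  # other users are unaffected by alice's count
]

if __name__ == "__main__":
    for event, result in zip(SAMPLE, replay(LoginThrottle(), SAMPLE)):
        print(event, "->", result)
```

The model makes the operational consequence visible: a script or integration that keeps retrying with an outdated password stays blocked until its user completes a CAPTCHA login through the web interface.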


Document generated by Confluence on Apr 03, 2011 23:09