Subject: | Add Captcha to the login screen to prevent robotic logins to LinkSOFT |
Summary: | We need to add more security to LinkSOFT login. We have decided to add the Captcha as the first step. This will be a global setting that users can turn OFF if they do not need this security feature. Requirements:
- Add a Web Configuration setting for "LoginCaptchaRequired"
- Show CAPTCHA if this configuration is turned ON. Enforce login if turned on
- Add an Event Log every time the user enters invalid CAPTCHA to monitor the effectiveness of the captcha
- If a user account is locked out, send an email notification
|
Audit Notes: | Edited by sanjay on 06/05/20 08:16. |
06 May 2020 | 08:10AM Comment 1 by Sanjay (Link Technologies) Assigned To: Rashna (Edge Business Solutions) Followup Date: 06-05-2020 12:08 PM Time Taken: 4.00 |
| Development work for this case has been completed. The change will be available in version: 11.5.0506
1. The following changes were made (Include Database object names, Program classes and any other relevant information):
- Added a new Web Configuration named: "LoginCaptchaRequired"
- When the value is "Yes", a CAPTCHA is required for all Logins
- By Default, Captcha is turned ON. Users can turn this off by changing the WEB.CONFIG settings for "LoginCaptchaRequired"
2. Affected Areas:
- Login Form
3. The issue was caused by:
- Security Improvement
4. Notes:
5. Next Step: UAT |
|
06 May 2020 | 08:16AM Comment 2 by Sanjay (Link Technologies) Assigned To: Alvis (Link Technologies) Followup Date: 06-05-2020 12:16 PM |
| Assigned to Alvis to complete Requirements # 4 |
|
08 May 2020 | 01:44PM Comment 3 by Sanjay (Link Technologies) Assigned To: Development Followup Date: 08-05-2020 05:04 PM Time Taken: 2.00 |
| Development work for this case has been completed. The change will be available in version: 11.5.0508
1. The following changes were made (Include Database object names, Program classes and any other relevant information):
- Added a template for "user account locked out". This alert is sent when a user is locked out.
2. Affected Areas:
- Login page - account locked out
3. The issue was caused by:
- Security improvement
4. Notes:
5. Next Step: UAT |
|
08 May 2020 | 02:02PM Comment 4 by Sanjay (Link Technologies) Assigned To: Rashna (Edge Business Solutions) Followup Date: 08-05-2020 06:02 PM |
| Proceed with UAT |
|
12 May 2020 | 12:31PM Comment 5 by Rashna (Edge Business Solutions) Assigned To: Alvis (Link Technologies) Followup Date: 12-05-2020 02:06 PM Time Taken: 1.00 |
| QA Results
Tests carried out according to requirements specified on the case header
Test Results Summary
Table 1 - Summarised list of issues
No | Test Description | Pass/Fail |
1 | Set the configuration "LoginCaptchaRequired" as Yes in web.config file. This should enable the "CAPTCHA" on the Login Page. Set the configuration "LoginCaptchaRequired" as No in web.config file. This should remove the "CAPTCHA" on the Login Page. | Pass |
2 | Enter below details to login: Username - E008; Password - 1234567. The user should not be able to login. | Pass |
3 | Enter below details to login: Username - E008; Password - 1234567; CAPTCHA on the screen. The user should be able to login. | Pass |
4 | Click on "Show Another Code" under the "CAPTCHA". This should load a new captcha. | Pass |
5 | Enter the below login details: Username - E008; Password - 89898989. This will lock the user account. The system should send an alert with contents from the "User Account Locked Out" template. | Fail - Email is not sent. (Email Scheduler is set to "Yes"). The "Email Log" is empty. I validated that the record exists in the table "LT_SYS_MSG_Notifications". |
|
Environment Details
- OS version: Windows Server 2012
- Application version: 11.5.0508
- Setup: Demo
- Server : 10.0.0.14
- Database: LINKSOFT-DEMO-11-RASHNA
Next Step: - Review
|
|
13 May 2020 | 10:45AM Comment 6 by Sanjay (Link Technologies) Assigned To: Rashna (Edge Business Solutions) Followup Date: 13-05-2020 02:43 PM Time Taken: 2.00 |
| Development work for this case has been completed. The change will be available in version: 11.5.0512
1. The following changes were made (Include Database object names, Program classes and any other relevant information):
- Corrected date format to use "dd/MM/yyyy" in the date controls.
2. Affected Areas:
- Email Log, Report Email Log
- Event Log
3. The issue was caused by:
- Incorrect date format in the menu "Email Log" caused the issue
4. Notes:
5. Next Step: UAT |
|
13 May 2020 | 10:58AM Comment 7 by Rashna (Edge Business Solutions) Assigned To: Rashna (Edge Business Solutions) Followup Date: 13-05-2020 02:56 PM Time Taken: 1.00 |
| QA Results
Tests carried out according to requirements specified on the case header
Test Results Summary
Table 1 - Summarised list of issues
No | Test Description | Pass/Fail |
1 | Enter the below login details: Username - E008; Password - 89898989. This will lock the user account. The system should send an alert with contents from the "User Account Locked Out" template. | Pass |
2 | Validate that "Event Log" and "Email Log" is updated with above. | Pass |
Environment Details
- OS version: Windows Server 2012
- Application version: 11.5.0512
- Setup: Demo
- Server : 10.0.0.14
- Database: LINKSOFT-DEMO-11-RASHNA
Next Step: - Documentation
|
|
27 May 2020 | 01:36PM Comment 8 by Rashna (Edge Business Solutions) Assigned To: Rashna (Edge Business Solutions) Followup Date: 27-05-2020 05:10 PM Time Taken: 1.00 |
| Hi Sanjay,
Documentation has been updated at LinkSOFT\LinkWebApplicationsPortal\Logging_into_Linkweb.htm
Thanks
Rashna |
|