Doc downloads (PDF, HTML & XML)
[FishEye Knowledge Base]
This page explains how to configure or disable FishEye's brute force login protection.
FishEye will protect against brute force login attacks by forcing users to solve a CAPTCHA form after a configurable number of consecutive invalid login attempts. By default, this functionality is enabled, and the number of invalid attempts is set to three.
Once a user logs in successfully, they will no longer be required to solve the CAPTCHA form.
To configure brute force login protection:
Screenshot: Brute Force Login Protection Settings
Login requests by the FishEye remote API libraries are also covered by the brute force protections. After the number of invalid attempts is exceeded (the default is three), then the remote API for that user will be prevented from making further login attempts (as that user will now be required to solve a CAPTCHA form through the web interface in order to log in).