You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
So that: I can spot suspicious activity like someone attempting lots of resets.
Possibly should log a hash of the email address entered rather than the actual address? but then sufficient to spot a single address iwth many attempts vs multiple addresses? maybe hash name and domain separately?
Acceptance Criteria
No response
The text was updated successfully, but these errors were encountered:
We already have the source IP address of the request in the HTTP request logs, the PR just adds a marker with the user's hashed id so we can spot/count attempts per user
Epic
No response
Description
As a: admin
I want to: see password reset requests in the log
So that: I can spot suspicious activity like someone attempting lots of resets.
Possibly should log a hash of the email address entered rather than the actual address? but then sufficient to spot a single address iwth many attempts vs multiple addresses? maybe hash name and domain separately?
Acceptance Criteria
No response
The text was updated successfully, but these errors were encountered: