Roundup Tracker - Issues

Issue 2551063

Rest/Xmlrpc interfaces needs failed login protection
Type: rfe Severity: normal
Components: Versions:
Status: new remind
: : rouilj, schlatterbeck
Priority: :

Created on 2019-10-06 22:00 by rouilj, last changed 2023-03-14 04:00 by rouilj.

msg6697 Author: [hidden] (rouilj) Date: 2019-10-06 22:00
We have rate limiting for login attempts on the web interface. We
should extend this to the xmlrpc and rest endpoints. The API endpoints
are another mechanism for passowrd guessing attacks.

We do have rest rate limiting, but that's to prevent misbehaving
clients with valid credentials from using excessive resource.

This ticket is for limiting connections with invalid credentials.
Date User Action Args
2023-03-14 04:00:25rouiljsetresolution: remind
2019-10-13 21:48:42rouiljsettype: rfe
2019-10-07 09:26:00schlatterbecksetnosy: + schlatterbeck
2019-10-06 22:00:00rouiljcreate