Roundup Tracker - Issues

Issue 2551063

classification
Title: Rest/Xmlrpc interfaces needs failed login protection
Type: rfe Severity: normal
Components: Versions:
process
Status: new Resolution:
Dependencies: Superseder:
Assigned To: Nosy List: rouilj, schlatterbeck
Priority: Keywords:

Created on 2019-10-06 22:00 by rouilj, last changed 2019-10-13 21:48 by rouilj.

Messages
msg6697 Author: [hidden] (rouilj) Date: 2019-10-06 22:00
We have rate limiting for login attempts on the web interface. We
should extend this to the xmlrpc and rest endpoints. The API endpoints
are another mechanism for passowrd guessing attacks.

We do have rest rate limiting, but that's to prevent misbehaving
clients with valid credentials from using excessive resource.

This ticket is for limiting connections with invalid credentials.
History
Date User Action Args
2019-10-13 21:48:42rouiljsettype: rfe
2019-10-07 09:26:00schlatterbecksetnosy: + schlatterbeck
2019-10-06 22:00:00rouiljcreate