Issue 2551063: Rest/Xmlrpc interfaces needs failed login protection

classification

Title:	Rest/Xmlrpc interfaces needs failed login protection
Type:	rfe	Severity:	normal
Components:		Versions:

process

Status:	new	Resolution:	remind
Dependencies		Superseder:
Assigned To:		Nosy List:	rouilj, schlatterbeck
Priority:		Keywords:

Created on 2019-10-06 22:00 by rouilj, last changed 2023-03-14 04:00 by rouilj.

Messages
msg6697	Author: [hidden] (rouilj)	Date: 2019-10-06 22:00
We have rate limiting for login attempts on the web interface. We should extend this to the xmlrpc and rest endpoints. The API endpoints are another mechanism for passowrd guessing attacks. We do have rest rate limiting, but that's to prevent misbehaving clients with valid credentials from using excessive resource. This ticket is for limiting connections with invalid credentials.

msg6697

Author: [hidden] (rouilj)

Date: 2019-10-06 22:00

We have rate limiting for login attempts on the web interface. We
should extend this to the xmlrpc and rest endpoints. The API endpoints
are another mechanism for passowrd guessing attacks.

We do have rest rate limiting, but that's to prevent misbehaving
clients with valid credentials from using excessive resource.

This ticket is for limiting connections with invalid credentials.

History
Date	User	Action	Args
2023-03-14 04:00:25	rouilj	set	resolution: remind
2019-10-13 21:48:42	rouilj	set	type: rfe
2019-10-07 09:26:00	schlatterbeck	set	nosy: + schlatterbeck
2019-10-06 22:00:00	rouilj	create

Roundup Tracker - Issues

Issue 2551063