Roundup Tracker - Issues

Issue 2551063

classification
Rest/Xmlrpc interfaces needs failed login protection
Type: rfe Severity: normal
Components: Versions:
process
Status: new
Resolution: remind
Nosy: rouilj, schlatterbeck
Priority:

Created on 2019-10-06 22:00 by rouilj, last changed 2023-03-14 04:00 by rouilj.

Messages
msg6697 Author: [hidden] (rouilj) Date: 2019-10-06 22:00
We have rate limiting for login attempts on the web interface. We
should extend this to the xmlrpc and rest endpoints. The API endpoints
are another mechanism for password guessing attacks.

We do have rest rate limiting, but that's to prevent misbehaving
clients with valid credentials from using excessive resources.

This ticket is for limiting connections with invalid credentials.
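
The distinction drawn in the message above, as an added example (not Roundup's code and not part of the original ticket): a limiter that counts only failed authentications per username and is shared by every API entry point. The names `FailedLoginLimiter` and `authenticate`, the threshold of 3 failures per 60 seconds, and the plaintext user table are assumptions made for illustration.

```python
import hmac
import time
from collections import defaultdict, deque


class FailedLoginLimiter:
    """Sliding-window count of failed logins, shared by all interfaces."""

    def __init__(self, max_failures=3, window=60.0, clock=time.monotonic):
        self.max_failures = max_failures
        self.window = window
        self.clock = clock
        self._failures = defaultdict(deque)  # username -> failure timestamps

    def _prune(self, user):
        # Drop failures that have aged out of the window.
        q = self._failures[user]
        cutoff = self.clock() - self.window
        while q and q[0] <= cutoff:
            q.popleft()
        return q

    def retry_after(self, user):
        """Seconds until another attempt is allowed; 0.0 if allowed now."""
        q = self._prune(user)
        if len(q) < self.max_failures:
            return 0.0
        return q[0] + self.window - self.clock()

    def record_failure(self, user):
        self._prune(user).append(self.clock())


def authenticate(limiter, users, user, password):
    """Return (http_status, retry_after) as a REST or XML-RPC handler might.

    `users` is a constructed {username: password} table; a real tracker
    would compare against a stored password hash instead.
    """
    wait = limiter.retry_after(user)
    if wait > 0:
        return 429, wait      # refused before the credentials are checked
    expected = users.get(user, "").encode()
    if user in users and hmac.compare_digest(expected, password.encode()):
        return 200, 0.0       # valid logins never consume the failure budget
    limiter.record_failure(user)
    return 401, 0.0
```

Passing one limiter instance to the web, REST and XML-RPC handlers keeps a client from getting a fresh guessing budget by switching interfaces.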
History
Date                 User           Action  Args
2023-03-14 04:00:25  rouilj         set     resolution: remind
2019-10-13 21:48:42  rouilj         set     type: rfe
2019-10-07 09:26:00  schlatterbeck  set     nosy: + schlatterbeck
2019-10-06 22:00:00  rouilj         create