Roundup Tracker - Issues

Message6697

Author rouilj
Recipients rouilj
Date 2019-10-06.22:00:00
Message-id <20191006215956.CDC9E4C0280@itserver6.cs.umb.edu>
In-reply-to
We have rate limiting for login attempts on the web interface. We
should extend this to the xmlrpc and rest endpoints. The API endpoints
are another mechanism for passowrd guessing attacks.

We do have rest rate limiting, but that's to prevent misbehaving
clients with valid credentials from using excessive resource.

This ticket is for limiting connections with invalid credentials.
History
Date User Action Args
2019-10-06 22:00:00rouiljsetrecipients: + rouilj
2019-10-06 22:00:00rouiljlinkissue2551063 messages
2019-10-06 22:00:00rouiljcreate