Message7463
The rate limit mechanism only protects the HTML web interface as it's tied to the
LoginAction::handle() method.
Rate limiting should be pushed down to LoginAction::verifyLogin which is called by
determine_user() in the inner_main, handle_rest and handle_xmlrpc methods in client.py.
For this ticket, we will just reuse the existing client.db.config.WEB_LOGIN_ATTEMPTS_MIN
setting for all three HTTP-based password access methods. I see no reason to have a different
number of attempts depending on the method.

| Date | User | Action | Args |
|---|---|---|---|
| 2022-03-31 03:38:46 | rouilj | set | recipients: + rouilj |
| 2022-03-31 03:38:46 | rouilj | set | messageid: <1648697926.12.0.83670028599.issue2551197@roundup.psfhosted.org> |
| 2022-03-31 03:38:46 | rouilj | link | issue2551197 messages |
| 2022-03-31 03:38:45 | rouilj | create | |
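
An added illustration of the change this message proposes (not Roundup code and not written by the ticket author): the limiter sits in the one credential-checking function, so attempts arriving through the web, REST and XML-RPC front ends draw on a single per-user budget. LoginLimiter, verify_login, web_login, rest_login, xmlrpc_login and USERS are hypothetical names; the limit of 3 and the choice to count every attempt per username are assumptions.

```python
import hmac
import time
from collections import defaultdict, deque

WEB_LOGIN_ATTEMPTS_MIN = 3            # constructed value for the setting named above
USERS = {"admin": "correct horse"}    # constructed credential store

class RateLimited(Exception):
    pass

class LoginLimiter:
    """Allows at most per_minute login attempts per username in any 60 s window."""
    def __init__(self, per_minute, clock=time.monotonic):
        self.per_minute, self.clock = per_minute, clock
        self.seen = defaultdict(deque)

    def check(self, username):
        now, window = self.clock(), self.seen[username]
        while window and now - window[0] >= 60:
            window.popleft()              # forget attempts older than a minute
        if len(window) >= self.per_minute:
            raise RateLimited(username)
        window.append(now)

def verify_login(limiter, username, password):
    """Single choke point: the limit is enforced before the password is examined."""
    limiter.check(username)
    stored = USERS.get(username)
    return stored is not None and hmac.compare_digest(stored.encode(), password.encode())

# Hypothetical front ends; each one only delegates, none has its own limiter.
def web_login(limiter, u, p):    return verify_login(limiter, u, p)
def rest_login(limiter, u, p):   return verify_login(limiter, u, p)
def xmlrpc_login(limiter, u, p): return verify_login(limiter, u, p)

def run_demo():
    now = [0.0]                           # fake clock so the demo is deterministic
    limiter = LoginLimiter(WEB_LOGIN_ATTEMPTS_MIN, clock=lambda: now[0])
    results = []
    for entry in (web_login, rest_login, xmlrpc_login, rest_login):
        try:
            results.append(entry(limiter, "admin", "guess"))
        except RateLimited:
            results.append("rate-limited")
    now[0] = 61.0                         # the one-minute window has expired
    results.append(web_login(limiter, "admin", "correct horse"))
    return results

if __name__ == "__main__":
    print(run_demo())
```

The fourth attempt is refused even though it arrives through a different front end than the first, which is the behaviour a limiter tied only to the web handler cannot give.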