Roundup Tracker - Issues


Author rouilj
Recipients rouilj
Date 2022-03-31.03:38:45
Message-id <>
The rate limit mechanism only protects the html web interface as it's tied to the 
LoginAction::handle() method.

Rate limiting should be pushed down to LoginAction::verifyLogin which is called by
determine_user() in the inner_main, handle_rest and handle_xmlrpc methods in

For this ticket, we will just reuse the existing client.db.config.WEB_LOGIN_ATTEMPTS_MIN
setting for all three http based password access methods. I see no reason to have different
number of attempts depending on the method.
Date User Action Args
2022-03-31 03:38:46rouiljsetrecipients: + rouilj
2022-03-31 03:38:46rouiljsetmessageid: <>
2022-03-31 03:38:46rouiljlinkissue2551197 messages
2022-03-31 03:38:45rouiljcreate