Issue9386
Help
Roundup docs
Created on 2020-06-03.11:15:23 by nicoe, last changed by reviewbot.
| Messages | |||
|---|---|---|---|
review321511002 updated at https://codereview.tryton.org/321511002/#ps298021002 |
|||
New review321511002 at https://codereview.tryton.org/321511002/#ps321521002 |
|||
| msg58437 (view) | Author: [hidden] (nicoe)  |
Date: 2020-06-03.11:15:22 | |
We get sometimes the remark that the exponential wait in the get_login function when the user enters is useless or should be changed in order to reduce the delay (see issue5375 and other discussions about that on the opensuse bugtracker or in live). Getting some idea from https://owasp.org/www-community/Slow_Down_Online_Guessing_Attacks_with_Device_Cookies we think that we could use a random token store on the client side and on the server side in order to reduce the wait for users trying to connect from a client that has already been trusted. This token would be sent alongside the credentials information and if it matches the one store on the server then the user wouldn't have to wait in order to make another attempt. Of course if the number of attempts reach a defined limit then we will sent a 429 - Too Many Requests. |
|||
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2020-06-24 15:47:55 | reviewbot | set | messages: + msg58857 |
| 2020-06-03 11:30:27 | reviewbot | set | status: unread -> chatting nosy: + reviewbot messages: + msg58438 |
| 2020-06-03 11:30:27 | reviewbot | set | reviews: 321511002 keyword: + review |
| 2020-06-03 11:15:23 | nicoe | create | |
Showing 10 items. Show all history (warning: this could be VERY long)