Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Proposal: Restrict the number of times a user can fail a login attempt #67

Open
Cryptophobia opened this issue Mar 20, 2018 · 7 comments

Comments

@Cryptophobia
Copy link
Member

From @jchauncey on March 21, 2016 18:48

Right now we do not restrict the number of times people can fail a login attempt.

Copied from original issue: deis/controller#544

@Cryptophobia
Copy link
Member Author

From @bacongobbler on March 21, 2016 19:14

Would some kind of rate-limiting feature fix this?

@Cryptophobia
Copy link
Member Author

From @jchauncey on March 21, 2016 19:21

I think it depends on how complicated we want to get. Honestly, this probably plays into a larger theme feature which is Org management/security enhancements/(auth/id) management. But I think after 3 or 5 times you are locked out until an admin unlocks you or we trigger an unlock event somehow.

@Cryptophobia
Copy link
Member Author

From @helgi on June 10, 2016 21:54

https://www.djangopackages.com/grids/g/antiflood/ here are a few - tho most will want a cache (redis / memcache) of some sort to store login attempts, etc

@Cryptophobia
Copy link
Member Author

From @Joshua-Anderson on September 8, 2016 18:6

We have a redis component now so the cache is no longer a blocker.

@Cryptophobia
Copy link
Member Author

From @helgi on September 8, 2016 18:9

That redis component is used for logging - we shouldn't be re-using components all too much. We could do it but then we'd have to do more sanity checking / users / acl kind of dealio so logger doesn't blow up controller cache and other way around

@Cryptophobia
Copy link
Member Author

From @Joshua-Anderson on September 8, 2016 18:12

True, I was thinking we would use a second database on the redis component or we would deploy the deis-redis component twice, once for logger and once for the controller.

@Cryptophobia
Copy link
Member Author

From @bacongobbler on September 8, 2016 18:26

Redis has a default of 32 "databases". IIRC logger is only using one, so there's nothing technically stopping us from using another :)

duanhongyi added a commit to duanhongyi/controller that referenced this issue Apr 24, 2023
…go-3.2.10

chore(deps): bump django from 3.2.5 to 3.2.10 in /rootfs
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

1 participant