Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

We should ratelimit Login (and register) requests more aggressively (SYN-559) #1452

Closed
matrixbot opened this issue Dec 21, 2015 · 1 comment
Assignees

Comments

@matrixbot
Copy link
Member

Submitted by @​matthew:matrix.org
As they chew bcrypt and provide an easy DoS vector. Plus we don't want people password attacking us anyway

(Imported from https://matrix.org/jira/browse/SYN-559)

@matrixbot matrixbot changed the title We should ratelimit Login requests more aggressively (SYN-559) We should ratelimit Login requests more aggressively (https://github.com/matrix-org/synapse/issues/1452) Nov 7, 2016
@matrixbot matrixbot changed the title We should ratelimit Login requests more aggressively (https://github.com/matrix-org/synapse/issues/1452) We should ratelimit Login requests more aggressively (SYN-559) Nov 7, 2016
@richvdh richvdh changed the title We should ratelimit Login requests more aggressively (SYN-559) We should ratelimit Login (and register) requests more aggressively (SYN-559) Feb 13, 2019
@babolivier babolivier self-assigned this Feb 19, 2019
@babolivier
Copy link
Contributor

babolivier commented Mar 18, 2019

Fixed in #4735 and #4821

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants