You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This enhancement request has a number of dimensions.
We should throttle successful logins for the same user when repeated too many times within a certain short amount of time. In doing so we can encourage the usage of logging in to get a token and then using that token in follow-up calls. This will mitigate excessive logging and audit events.
We should throttle API requests in general (except maybe requests with a UI token?) to discourage unoptimized queries and N+1 errors. This would be akin to GitHub placing a limit of 5000 requests per hour. I suggest we do something similar, though I don't know what that number should be. Regardless, it should be configurable.
Note that we already throttle unsuccessful logins via a delayed lockout.
This enhancement request has a number of dimensions.
Note that we already throttle unsuccessful logins via a delayed lockout.
cc @jrafanie
The text was updated successfully, but these errors were encountered: