-
Notifications
You must be signed in to change notification settings - Fork 9
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Look into setting a maximum password length to prevent DOS attacks #6
Comments
I can grab this one if no one is working currently? |
go for it! |
I actually just noticed there is already a PR for this feature. I'm just going to merge that :-) |
@davidmurdoch Oh, I was so close to get a t-shirt. Thanks anyway :) |
Ah, didn't realize it was for a hacktoberfest. If you are familiar with HTTP basic auth, you could try your hand at trufflesuite/ganache#418 |
@davidmurdoch I don't have experience with HTTP basic auth, but I think i can give it a shot. Do you have any resource that I can check or any starter guide for ganache-core project? |
DOS attacks via long passwords will probably be making their rounds (again). http://www.tomsguide.com/us/django-long-password-security,news-17557.html
I'm thinking about setting a default max-length of maybe 4096 bytes. This max-password length would be configurable.
The text was updated successfully, but these errors were encountered: