Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

💻 Implement a request rate limiter #5102

Open
TiBiBa opened this issue Feb 8, 2024 · 0 comments · May be fixed by #5103
Open

💻 Implement a request rate limiter #5102

TiBiBa opened this issue Feb 8, 2024 · 0 comments · May be fixed by #5103
Assignees
@TiBiBa

Comments

@TiBiBa
Copy link
Collaborator

TiBiBa commented Feb 8, 2024
edited
Loading

Description
Some routes automatically sent an e-mail. Either to ourselves, or to a user (for example for the 'reset password'). This introduces risks as there is no limit on the amount of times a user can make this request. We should implement either a username, e-mail and/or ip-address rate limiter.

https://flask-limiter.readthedocs.io/en/stable/
@TiBiBa TiBiBa added frontend Issue with the web interface and removed frontend Issue with the web interface labels Feb 8, 2024
@TiBiBa TiBiBa self-assigned this Feb 8, 2024
@TiBiBa TiBiBa linked a pull request Feb 8, 2024 that will close this issue
Draft
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@TiBiBa TiBiBa

Labels
None yet
Projects
Hedy organization board
Status: No status
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Implement rate limiter on reset password hedyorg/hedy
1 participant
@TiBiBa