Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

MSC1921: Support cancelling 3pid validation sessions #1921

Open
wants to merge 1 commit into
base: master
from

Conversation

Projects
None yet
2 participants
@turt2live
Copy link
Member

commented Mar 8, 2019

Rendered

As mentioned in the introduction, this was written in the context of working on vector-im/riot-web#6560.

@turt2live turt2live changed the title Proposal to support cancelling 3pid validation sessions MSC1921: Support cancelling 3pid validation sessions Mar 8, 2019

believed by the author that the additional security of ensuring the requester has permission to actually
cancel the session is more worthwhile than trying to fail fast.

Servers should also be aware of a potential resource exhaustion vector where an attacker requests a token and

This comment has been minimized.

Copy link
@Half-Shot

Half-Shot Mar 8, 2019

Contributor

Definitely something that should happen during token creation, but I wouldn't rate limit cancelToken especially harshly.

turt2live added a commit to matrix-org/matrix-react-sdk that referenced this pull request Mar 11, 2019

Provide an escape from the registration process
Fixes vector-im/riot-web#6560

Would be better improved by matrix-org/matrix-doc#1921 or similar in the future.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.