/server

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Consider brute-force protection on the Server-to-Server Sharing Endpoint #478

Open
LukasReschke opened this Issue Jul 20, 2016 · 0 comments

Comments

Assignees
No one assigned
Labels
Projects
  
Backlog in Security Hardenings
Milestone
No milestone
2 participants
@LukasReschke @nextcloud-bot
@LukasReschke
Member

LukasReschke commented Jul 20, 2016
edited by rullzer

This is a little bit a trickier one, having brute-force protection there as well would be nice. However, the way S2S is implemented right now may lead to people locking out servers by intention.

Needs some more thoughts as well as status messages so that the other Nextcloud partiall throttles. Related to #437

@LukasReschke LukasReschke added enhancement feature: sharing security labels Jul 20, 2016

@MorrisJobke MorrisJobke referenced this issue May 22, 2017

Merged

[stable12] Update Opcache recommendation #5015

@nextcloud-bot nextcloud-bot added the stale label Jun 20, 2018

@nextcloud-bot nextcloud-bot referenced this issue Nov 7, 2018

Closed

Brute force whitelist is not applied to CardDAV ? #12330

@nextcloud-bot nextcloud-bot referenced this issue Nov 29, 2018

Open

Basic Auth from other website on same domain triggers brute force protection #12720

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment