Skip to content

[RateLimiter][Security] Document login throttling and clarify DoS protection #14918

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Feb 4, 2021
Merged

[RateLimiter][Security] Document login throttling and clarify DoS protection #14918

merged 1 commit into from
Feb 4, 2021

Conversation

wouterj
Copy link
Member

@wouterj wouterj commented Feb 2, 2021

This PR started as "clarifying Symfony's rate limiter use-case compared to rate limiters outside PHP" (first commit).

I wanted to also add some guidelines on brute force attack protection beyond limiting login attempts, but discovered login throttling wasn't documented yet. So this PR now also documents login throttling :)

Fixes #14251

@wouterj wouterj added this to the 5.2 milestone Feb 2, 2021
@carsonbot carsonbot changed the title [RateLimiter][Security] Document login throttling and clarify DoS protection [RateLimiter] [Security] Document login throttling and clarify DoS protection Feb 2, 2021
@wouterj wouterj force-pushed the rate-limiter-use-case branch from 201c6d8 to a1b7df0 Compare February 2, 2021 16:25
@wouterj wouterj linked an issue Feb 2, 2021 that may be closed by this pull request
[Security] Added login throttling feature #14251
Closed
javiereguiluz
javiereguiluz approved these changes Feb 3, 2021
View reviewed changes
Copy link
Member

@javiereguiluz javiereguiluz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice contribution and very easy to read and follow. Thanks Wouter!

@carsonbot carsonbot changed the title [RateLimiter] [Security] Document login throttling and clarify DoS protection [RateLimiter][Security] Document login throttling and clarify DoS protection Feb 3, 2021
Nyholm
Nyholm approved these changes Feb 3, 2021
View reviewed changes
Copy link
Member

@Nyholm Nyholm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Excellent. Thank you

@wouterj wouterj force-pushed the rate-limiter-use-case branch from a1b7df0 to a2be7b8 Compare February 3, 2021 13:43
@wouterj wouterj mentioned this pull request Feb 4, 2021
Closed
@javiereguiluz
Copy link
Member

Thank you Wouter.

@javiereguiluz javiereguiluz merged commit a91bebe into symfony:5.2 Feb 4, 2021
@wouterj wouterj deleted the rate-limiter-use-case branch February 4, 2021 20:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@javiereguiluz javiereguiluz javiereguiluz approved these changes

+1 more reviewer

@Nyholm Nyholm Nyholm approved these changes

Reviewers whose approvals may not affect merge requirements
Assignees
No one assigned
Labels
RateLimiter Security Status: Reviewed
Projects
None yet
Milestone
5.2
Development

Successfully merging this pull request may close these issues.

[Security] Added login throttling feature
4 participants
@wouterj @javiereguiluz @Nyholm @carsonbot