Login throttling #37266
Comments
|
Closing here as this is already part of #30914 |
Simply means nobody is working on it publicly. #30914 is a tracker issue grouping a ton of marginally related tasks to get security up to date. Once somebody picks it up the PR will be the tracker. |
I added the note because I was surprised there was no issue for it yet. |
|
There is no added value in this issue now - it's just reiterating the task in the tracker issue. If it would have been a full proposal with a screen of specs it would've been a different case, now it's just a duplicate. It should also be noted that #33558 added |
|
Yeah, I would recommend creating a listener on these events and storing a count in the session. We don't need to add this to the "legacy" security system. I think Laravel's |
This PR was squashed before being merged into the 5.2-dev branch. Discussion ---------- [Security] Added login throttling feature | Q | A | ------------- | --- | Branch? | master | Bug fix? | no | New feature? | yes | Deprecations? | no | Tickets | Fix #37266 | License | MIT | Doc PR | tbd This "recreates" #37444 based on the RateLimiter component from #37546 <s>(commits are included in this branch atm)</s>. Login throttling can be enabled on any user-based authenticator (thanks to the `UserBadge`) with this configuration: ```yaml security: firewalls: default: # default limits to 5 login attempts per minute, the number can be configured via "max_attempts" login_throttling: ~ # or you can define your own RateLimiter on framework.rate_limiter and configure it instead: login_throttling: limiter: login ``` Commits ------- afdd805 [Security] Added login throttling feature
|
Implemented in 5.2. |
|
Thanks all! |
Hi :)
It would be great to have an option for the connection to limit the number of failed login attempts over a period of time.
Thanks :)
The text was updated successfully, but these errors were encountered: