SECURITY: rate limit user/password login

Sam 2014-09-25 10:06:44 +10:00
parent ffa11bd1d6
commit d53e01619f
1 changed files with 3 additions and 0 deletions


@ -51,6 +51,9 @@ class SessionController < ApplicationController
return
end
RateLimiter.new(nil, "login-hr-#{request.remote_ip}", 30, 1.hour).performed!
RateLimiter.new(nil, "login-min-#{request.remote_ip}", 6, 1.minute).performed!
params.require(:login)
params.require(:password)
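Review bot: Both added limiters are keyed only on `request.remote_ip`, so password guessing against one account from many addresses is never counted together, while users behind a shared address (NAT, corporate proxy) all draw from the same 6-per-minute budget. Consider adding a limiter keyed on the submitted login, placed after `params.require(:login)`, for example `RateLimiter.new(nil, "login-acct-#{params[:login].to_s.downcase}", LIMIT, 1.hour).performed!`, where LIMIT is a placeholder to be chosen against the lockout risk it creates for the account owner. `remote_ip` is also only as trustworthy as the app's trusted-proxy configuration, which is not visible on this page. The action's body starts and ends outside this hunk, so what the client receives when `performed!` hits the limit cannot be checked here; a short comment above the two calls stating the intended limits and the response would help.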