A generic action throttler needed (Trac #4241) #4241
Comments
|
cash wrote on 41978876-03-13 Is this for actions or a general throttle? The failed logins is not throttled based on any action. |
|
trac user webgalli wrote on 41997847-09-04 Cash :The failed action throttle is already in use for login failures. The same function can be used as a generic action throttle or a failed action. We can use it for password reset requests (10 requests /24 hours as in the Giant sites like Fb, twitter etc), can save some server resource in case of a spambot hit. Also we can use it for other actions like say a user can only send 10 invitations /day to his friends Or 10 private messages in 5 minutes, can post only 10 comments in 5 minutes etc. All we need is a proper working cron too. Instead of duplicating the same function again, we can reuse it and keep the core light. |
|
cash wrote on 42001348-08-01 No, the failed login throttle is not for actions. You can log in as many times as you want. It counts failed logins not the number of times you have logged in. |
|
Title changed from |
|
Milestone changed to |
|
Do we really need to do anything here? As long as we have some kind of generic plugin hook when submitting forms, I think this should be done in a plugin... We already have the 'action,*' hook, so that should be though for now I would think... |
Original ticket http://trac.elgg.org/ticket/4241 on 41978632-11-10 by trac user webgalli, assigned to unknown.
Elgg version: Github Master
A generic action throttler is needed for the system. To add a block to number of times an action can be attempted in a particular interval. For example 5 failed login attempts in 5 minutes, 10 password reset requests for a day.. etc. The solution is added to #116
The text was updated successfully, but these errors were encountered: