composer.json · 939003e5a2b79bc1e3f33c9442e25f32e18b9036 · TYPO3 / TYPO3.CMS · GitLab

Snippets Groups Projects

An error occurred while loading the file. Please try again.

[FEATURE] Introduce rate limiter for failed logins · 939003e5

Torben Hansen authored 4 years ago

The PHP library `symfony/rate-limiter` has been integrated
in order to provide a rate limiting API for the TYPO3 core
and extensions.

As a new system default, the TYPO3 backend and
frontend login now uses a rate limiter, which prevents
further authentication attempts for an IP address, if
a configurable amount of login attempts is
exceeded in a given time.

The hardcoded wait time of 5 seconds after a failed login has
been removed, since it offers no real protection against brute
force attacks.

The following dependencies are introduced:

* symfony/rate-limiter "^5.3"

Resolves: #93825
Releases: master
Change-Id: Ib248b78b501a4d50556aa97938f4c51f12f7522a
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/68624


Tested-by: core-ci <typo3@b13.com>
Tested-by: Jochen <rothjochen@gmail.com>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Jochen <rothjochen@gmail.com>
Reviewed-by: Benni Mack <benni@typo3.org>

939003e5

This project manages its dependencies using Composer. Learn more