- Type: Task
- Status: Open
- Priority: Minor
- Resolution: Unresolved
- Affects Version/s: None
- Fix Version/s: QualifiedToSchedule
- Component/s: Rest API
- Tags:
Even if new REST endpoints like /me/changepassword seem more sensitive to brute-force attacks, the fact is that any Nuxeo resource today is vulnerable, since access to these goes through our authentication chain, thus allowing indefinite authentication attempts. We should try to rate limit these attempts somehow.
Need to see what options are available and work on specifications.
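One option to weigh, as an added sketch that is not Nuxeo code and not part of the original ticket: a failed-attempt throttle consulted by the authentication chain itself, so that every resource shares one budget rather than only /me/changepassword. The class name, thresholds and the account-plus-client-address key are assumptions chosen for illustration.

```java
import java.util.Locale;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical failed-login throttle; all names and thresholds are assumptions. */
public class AuthAttemptThrottle {
    private static final int MAX_FAILURES = 5;          // failures allowed per window
    private static final long WINDOW_MS = 60_000;       // counting window
    private static final long BASE_LOCK_MS = 30_000;    // first lockout
    private static final long MAX_LOCK_MS = 3_600_000;  // lockout ceiling

    private static final class State { int failures; int lockouts; long windowStart; long lockedUntil; }
    private final Map<String, State> states = new ConcurrentHashMap<>();

    // Key on account and client address, never on the request path, so every
    // resource behind the authentication chain draws on the same budget.
    private static String key(String user, String ip) { return user.toLowerCase(Locale.ROOT) + "|" + ip; }

    /** Call before checking credentials; false means reject, e.g. with HTTP 429. */
    public boolean allowAttempt(String user, String ip, long now) {
        State s = states.get(key(user, ip));
        if (s == null) return true;
        synchronized (s) { return now >= s.lockedUntil; }
    }

    /** Call after a failed credential check. */
    public void recordFailure(String user, String ip, long now) {
        State s = states.computeIfAbsent(key(user, ip), k -> new State());
        synchronized (s) {
            if (now - s.windowStart > WINDOW_MS) { s.windowStart = now; s.failures = 0; }
            if (++s.failures >= MAX_FAILURES) {
                // Double the lockout on each repeat offence, capped at MAX_LOCK_MS.
                long lock = Math.min(MAX_LOCK_MS, BASE_LOCK_MS << Math.min(s.lockouts++, 10));
                s.lockedUntil = now + lock;
                s.failures = 0;
            }
        }
    }

    /** Call after a successful login to clear the counters. */
    public void recordSuccess(String user, String ip) { states.remove(key(user, ip)); }

    public static void main(String[] args) {
        AuthAttemptThrottle t = new AuthAttemptThrottle();
        long now = 0;
        // Constructed sample: six bad passwords for one account from one address.
        for (int i = 1; i <= 6; i++, now += 1_000) {
            boolean allowed = t.allowAttempt("alice", "203.0.113.7", now);
            if (allowed) t.recordFailure("alice", "203.0.113.7", now);
            System.out.println("attempt " + i + ": " + (allowed ? "checked, failed" : "rejected"));
        }
        System.out.println("allowed again at 40 s: " + t.allowAttempt("alice", "203.0.113.7", 40_000));
    }
}
```

A specification would also need to cover eviction of idle entries and a separate per-account counter, since a key that includes the client address does not bound attempts spread across many addresses.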