comparison doc/xmlrpc.txt @ 7556:273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
Failed API login rate limiting with expiring lockout added.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Wed, 19 Jul 2023 20:37:45 -0400 |
| parents | 924b07252412 |
| children | c3a7b1aa06cf |
| 7555:451232f83244 | 7556:273c8c2b5042 |
|---|---|
| 85 | 85 |
| 86 The current standalone ``roundup-xmlrpc-server`` implementation | 86 The current standalone ``roundup-xmlrpc-server`` implementation |
| 87 does not support SSL. This means that usernames and passwords will | 87 does not support SSL. This means that usernames and passwords will |
| 88 be passed in cleartext unless the server is proxied behind | 88 be passed in cleartext unless the server is proxied behind |
| 89 another server (such as Apache or lighttpd) that provides SSL. | 89 another server (such as Apache or lighttpd) that provides SSL. |
| 90 | |
| 91 Rate Limiting Failed Logins | |
| 92 --------------------------- | |
| 93 | |
| 94 See the `rest documentation | |
| 95 <rest.html#rate-limiting-api-failed-logins>`_ for rate limiting failed | |
| 96 logins on the API. The XML-RPC uses the same method as the REST API. | |
| 97 Rate limiting is shared between the XMLRPC and REST APIs. | |
| 90 | 98 |
| 91 Client API | 99 Client API |
| 92 ========== | 100 ========== |
| 93 The server currently implements seven methods/commands. Each method | 101 The server currently implements seven methods/commands. Each method |
| 94 requires that the user provide a username and password in the HTTP | 102 requires that the user provide a username and password in the HTTP |
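Review bot: In the added "Rate Limiting Failed Logins" section (new lines 94-97), the sentence "Rate limiting is shared between the XMLRPC and REST APIs" does not say what sharing means for an operator. If the intent is that failed logins on either interface count toward the same limit, so that a lockout reached through XML-RPC also blocks REST logins, please state that directly. The commit message describes an expiring lockout, but the section never says the lockout expires; one sentence here would spare XML-RPC-only readers a trip to the REST page. Wording: "The XML-RPC uses the same method" is missing a noun (for example "The XML-RPC interface"), and the paragraph mixes "XML-RPC" and "XMLRPC"; pick one spelling. It is also worth confirming that the hard-coded anchor "rest.html#rate-limiting-api-failed-logins" matches the heading in the REST document, since the link breaks silently if that heading is renamed.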
