Mercurial > p > roundup > code
view doc/postgresql.txt @ 5717:cad18de2b988
issue2550949: Rate limit password guesses/login attempts.
Generic rate limit mechanism added. Deployed for web page
logins. Default is 3 login attempts/minute for a user. After which one
login attempt every 20 seconds can be done.
Uses gcra algorithm so all I need to store is a username and timestamp
in the one time key database. This does mean I don't have a list of
all failed login attempts as part of the rate limiter.
Set up config setting as well so admin can tune the rate. Maybe 1
every 10 seconds is ok at a site with poor typists who need 6 attempts
to get the password right 8-).
The gcra method can also be used to limit the rest and xmlrpc
interfaces if needed. The mechanism I added also supplies a status
method that calculates the expected values for http headers returned
as part of rate limiting.
Also tests added to test all code paths I hope.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Sat, 11 May 2019 17:24:58 -0400 |
| parents | 76b71c9bd50d |
| children | e48b039b0ec0 |
line wrap: on
line source
========================== PostgreSQL/psycopg Backend ========================== This are notes about PostqreSQL backend based on the psycopg adapter for Roundup issue tracker. Prerequisites ============= To use PostgreSQL as backend for storing roundup data, you should additionally install: 1. PostgreSQL 8.x or higher - http://www.postgresql.org/ 2. The psycopg python interface to PostgreSQL: http://initd.org/software/initd/psycopg Running the PostgreSQL unit tests ================================= The user that you're running the tests as will need to be able to access the postgresql database on the local machine and create and drop databases. See the config values in 'test/db_test_base.py' about which database connection, name and user will be used. Credit ====== The postgresql backend was originally submitted by Federico Di Gregorio <fog@initd.org>