Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Secure API Access #6

Open
marclindemann opened this issue Nov 20, 2019 · 1 comment
Open

Secure API Access #6

marclindemann opened this issue Nov 20, 2019 · 1 comment
Labels
enhancement New feature or request

Comments

@marclindemann
Copy link

Hi @svewap,

first of all: nice extension. we are evaluating the extension right now. it would be good to

  • limit API Access to a specific IP
  • limit request with wrong API key to avoid brute force
@svewap svewap added the enhancement New feature or request label Nov 20, 2019
@svewap
Copy link
Collaborator

svewap commented Nov 20, 2019

Hi @marclindemann !
At this point the extension has a log function. A log file is written whose size is measured. The file is practically used as a counter for failed logins. The advantage here is that the IP of the attacker is also logged. A lock after X attempts would of course be useful and should be included in the code.
I personally don't need the limitation to one IP because I think it can change at any time in a dynamic cloud, but I can still add this feature.

@r3h6 r3h6 mentioned this issue Nov 1, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@svewap @marclindemann