chldapasswd

nemunaire/chldapasswd

Fork 0

Commit graph

Author	SHA1	Message	Date
Pierre-Olivier Mercier	2a9eec233a	fix(security): add per-IP rate limiting to all authentication endpoints Implement sliding window rate limiter to prevent brute-force attacks: - /auth and /login: 20 requests/minute per IP - /change: 10 POST requests/minute per IP - /lost: 5 POST requests/minute per IP (prevents email spam and user enumeration) - /reset: 10 POST requests/minute per IP - /api/v1/aliases: 30 requests/minute per IP Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-06 15:30:48 +07:00

Author

SHA1

Message

Date

Pierre-Olivier Mercier

2a9eec233a

fix(security): add per-IP rate limiting to all authentication endpoints

Implement sliding window rate limiter to prevent brute-force attacks:
- /auth and /login: 20 requests/minute per IP
- /change: 10 POST requests/minute per IP
- /lost: 5 POST requests/minute per IP (prevents email spam and user enumeration)
- /reset: 10 POST requests/minute per IP
- /api/v1/aliases: 30 requests/minute per IP

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-03-06 15:30:48 +07:00

1 commit