Feature #40914
Feature #40907 (closed): mgr/dashboard: REST API improvements
mgr/dashboard: REST API: security
Description
The following measures should be implemented:
- Failed login limit (after that, the user will be disabled).
- Rate limiting: per-user/token.
- Cache-control private for every response containing personal sensitive information.
Updated by Lenz Grimmer almost 4 years ago
- Related to Feature #39999: mgr/dashboard: Prevent brute-force/dictionary attacks against existing local user accounts added
Updated by Lenz Grimmer almost 4 years ago
Per our conversation during today's standup, let's split this issue up by moving "Rate limiting: per-user/token" and "Cache-control private for every response containing personal sensitive information" into separate issues and keep the focus of this issue on limiting failed logins. However, I wonder if this isn't captured in #39999 already?
Updated by Ernesto Puerta over 3 years ago
- Blocks Feature #47765: mgr/dashboard: security improvements added
Updated by Aashish Sharma over 3 years ago
- Assignee changed from anurag bandhu to Aashish Sharma
Updated by Aashish Sharma over 3 years ago
- Status changed from New to Fix Under Review
Updated by Nizamudeen A over 3 years ago
- Assignee changed from Aashish Sharma to Nizamudeen A
- Pull request ID changed from 37912 to 38316
Updated by Avan Thakkar over 3 years ago
- Status changed from Fix Under Review to Resolved
Updated by Nizamudeen A over 3 years ago
- Status changed from Resolved to Pending Backport
- Backport set to octopus, nautilus
Updated by Backport Bot over 3 years ago
- Copied to Backport #48794: octopus: mgr/dashboard: REST API: security added
Updated by Backport Bot over 3 years ago
- Copied to Backport #48795: nautilus: mgr/dashboard: REST API: security added
Updated by Nizamudeen A over 3 years ago
- Backport changed from octopus, nautilus to octopus
Updated by Nathan Cutler over 3 years ago
- Backport changed from octopus to nautilus, octopus
Re-adding nautilus to backport field because, without it, the presence of the rejected nautilus backport issue causes the "backport-create-issue" script to complain:
ERROR:root:https://tracker.ceph.com/issues/40914 has more backport issues (,nautilus,octopus) than expected (octopus)
Updated by Nathan Cutler over 3 years ago
- Status changed from Pending Backport to Resolved
While running with --resolve-parent, the script "backport-create-issue" noticed that all backports of this issue are in status "Resolved" or "Rejected".
Updated by Ernesto Puerta about 3 years ago
- Project changed from mgr to Dashboard
- Category changed from 146 to General - Back-end