Feature #40907: mgr/dashboard: REST API improvements
mgr/dashboard: REST API: security
The following measures should be implemented:
- Failed login limit (after that, the user will be disabled).
- Rate limiting: per-user/token.
- Cache-control private for every response containing personal sensitive information.
#3 Updated by Lenz Grimmer about 1 year ago
Per our conversation during today's standup, let's split this issue up by moving "Rate limiting: per-user/token" and "Cache-control private for every response containing personal sensitive information" into separate issues and keep the focus of this issue on limiting failed logins. However, I wonder if this isn't captured in #39999 already?
#16 Updated by Nathan Cutler 4 months ago
- Backport changed from octopus to nautilus, octopus
Re-adding nautilus to backport field because, without it, the presence of the rejected nautilus backport issue causes the "backport-create-issue" script to complain:
ERROR:root:https://tracker.ceph.com/issues/40914 has more backport issues (,nautilus,octopus) than expected (octopus)