]> source.dussan.org Git - nextcloud-server.git/commit
projects / nextcloud-server.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b072d2c) | patch
Add bruteforce protection to changePersonalPassword 4376/head
authorLukas Reschke <lukas@statuscode.ch>
Tue, 18 Apr 2017 15:55:51 +0000 (17:55 +0200)
committerLukas Reschke <lukas@statuscode.ch>
Tue, 18 Apr 2017 15:55:51 +0000 (17:55 +0200)
commit805419bb952b937ae980c198162f8f7dd30ff6d2
tree90e4b587e1ee0547ddc6ada57c799b4c91a57c31tree | snapshot
parentb072d2c49d6f61c2b55abf12e04bdf2166dbd4f4commit | diff
Add bruteforce protection to changePersonalPassword

While the risk is actually quite low because one would already have the user session and could potentially do other havoc it makes sense to throttle here in case of invalid previous password attempts.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
settings/Controller/ChangePasswordController.php diff | blob | history
tests/Core/Controller/ChangePasswordControllerTest.php diff | blob | history
Nextcloud server, a safe home for all your data: https://github.com/nextcloud/server