View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0009025 | Taler | libeufin-bank | public | 2024-07-26 14:23 | 2024-11-12 23:52 |
| Reporter | Antoine A | Assigned To | Antoine A | ||
| Priority | normal | Severity | tweak | Reproducibility | have not tried |
| Status | resolved | Resolution | fixed | ||
| Product Version | git (master) | ||||
| Target Version | 0.14 | Fixed in Version | 0.14 | ||
| Summary | 0009025: Support enforcing token authentication | ||||
| Description | When we start using better (and more expensive) password hashing algorithms, password authentication becomes much more expensive an can adds significant latency (>100ms); making it the limiting factor in all our endpoints. As we will need to apply rate limiting to prevent password authentication becoming a DOS factor, this additional latency will become even more of a problem. We need a setting to disallow password authentication anywhere other than token creation. | ||||
| Tags | No tags attached. | ||||
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2024-07-26 14:23 | Antoine A | New Issue | |
| 2024-07-26 14:23 | Antoine A | Status | new => assigned |
| 2024-07-26 14:23 | Antoine A | Assigned To | => Antoine A |
| 2024-07-26 14:25 | Antoine A | Relationship added | related to 0009026 |
| 2024-07-28 21:52 | Christian Grothoff | Severity | minor => tweak |
| 2024-10-29 17:20 | Antoine A | Status | assigned => resolved |
| 2024-10-29 17:20 | Antoine A | Resolution | open => fixed |
| 2024-10-29 17:20 | Antoine A | Note Added: 0023620 | |
| 2024-11-12 23:52 | Christian Grothoff | Product Version | => git (master) |
| 2024-11-12 23:52 | Christian Grothoff | Fixed in Version | => 0.14 |
| 2024-11-12 23:52 | Christian Grothoff | Target Version | post-1.0 => 0.14 |
