0009025Talerlibeufin-bankpublic2024-12-13 19:15
ReporterAntoine A Assigned ToAntoine A  
PrioritynormalSeveritytweakReproducibilityhave not tried
Status closedResolutionfixed 
Product Versiongit (master) 
Target Version0.14Fixed in Version0.14 
Summary0009025: Support enforcing token authentication
DescriptionWhen we start using better (and more expensive) password hashing algorithms, password authentication becomes much more expensive an can adds significant latency (>100ms); making it the limiting factor in all our endpoints. As we will need to apply rate limiting to prevent password authentication becoming a DOS factor, this additional latency will become even more of a problem.

We need a setting to disallow password authentication anywhere other than token creation.
related to 0009026 assignedAntoine A Support memory-hard password hashing method 


Antoine A

2024-10-29 17:20

developer   ~0023620

Implemented in bc35aba3fbac892029ea17ee7ee4d1b4949650c0

2024-07-26 14:23 Antoine A New Issue
2024-07-26 14:23 Antoine A Status new => assigned
2024-07-26 14:23 Antoine A Assigned To => Antoine A
2024-07-26 14:25 Antoine A Relationship added related to 0009026
2024-07-28 21:52 Christian Grothoff Severity minor => tweak
2024-10-29 17:20 Antoine A Status assigned => resolved
2024-10-29 17:20 Antoine A Resolution open => fixed
2024-10-29 17:20 Antoine A Note Added: 0023620
2024-11-12 23:52 Christian Grothoff Product Version => git (master)
2024-11-12 23:52 Christian Grothoff Fixed in Version => 0.14
2024-11-12 23:52 Christian Grothoff Target Version post-1.0 => 0.14
2024-12-13 19:15 Christian Grothoff Status resolved => closed