Closed Bug 858247 Opened 12 years ago Closed 12 years ago

[socorro-crashstats] Rate limiter on the public API

Tracking

(Not tracked)

Status:

RESOLVED FIXED

People

(Reporter: peterbe, Assigned: peterbe)

References

Details

Peter Bengtsson [:peterbe]

Assignee

Description

•

12 years ago

The public API is built on top of the models which are heavily cached. However, if you make a malicious attack you could fire off URLs that just vary by a small amount (e.g. /url/?version=000001 and /url/?version=000002) and that would bypass the cache and potentially start far too many queries on the middleware.

Peter Bengtsson [:peterbe]

Assignee

Updated

•

12 years ago

Assignee: nobody → peterbe

Status: NEW → ASSIGNED

Peter Bengtsson [:peterbe]

Assignee

Comment 1

•

12 years ago

Pull request: https://github.com/mozilla/socorro-crashstats/pull/342 :jezdez r?

[github robot]

Comment 2

•

12 years ago

Commits pushed to master at https://github.com/mozilla/socorro-crashstats https://github.com/mozilla/socorro-crashstats/commit/62a42f1804ee84d7b48c4de3dbc5bbd0236bdfb2 fixes bug 858247 - Rate limiter on the public API https://github.com/mozilla/socorro-crashstats/commit/b72acc2bb0bc37e47c013c2ba32274ada295aef6 Merge pull request #342 from peterbe/bug858247-rate-limiter-on-the-public-api fixes bug 858247 - Rate limiter on the public API

[github robot]

Updated

•

12 years ago

Status: ASSIGNED → RESOLVED

Closed: 12 years ago

Resolution: --- → FIXED

You need to log in before you can comment on or make changes to this bug.

Bugzilla

[socorro-crashstats] Rate limiter on the public API

Categories

(Socorro :: Webapp, task)

Tracking

(Not tracked)

People

(Reporter: peterbe, Assigned: peterbe)

References

Details

Crash Data

Security

(public)

User Story

Description

Updated

Comment 1

Comment 2

Updated