From 4cbf5877c9ca5d3e5754e568fbadd670fe1f7ff6 Mon Sep 17 00:00:00 2001
From: Thorbjørn Lindeijer
Date: Sat, 3 Oct 2009 22:14:24 +0200
Subject: Limit login attempt frequency based on IP address

The previous method was broken because it set the "last time" to the current time when the client connected. So login would fail when the username and password were sent within a second from connecting, which is not desirable. If I'd have fixed this by setting the "last time" to login time minus one second, then an attacker would just need to reconnect for each login attempt. So now it uses an IP address based approach, where each IP can only try to log in once per second.
---
 src/utils/stringfilter.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'src/utils')
diff --git a/src/utils/stringfilter.cpp b/src/utils/stringfilter.cpp
index 1e2eaa54..b36ad71d 100644
--- a/src/utils/stringfilter.cpp
+++ b/src/utils/stringfilter.cpp
@@ -120,7 +120,7 @@ bool StringFilter::isEmailValid(const std::string& email)
 (email.find_first_of(' ') == std::string::npos);
 }
 
-bool StringFilter::findDoubleQuotes(const std::string& text)
+bool StringFilter::findDoubleQuotes(const std::string &text)
 {
 return (text.find('"', 0) != std::string::npos);
 }
-- cgit v1.2.3-70-g09d2