tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

2013-12-26 Sancho Lerena <slerena@artica.es> 

* include/api.php: Avoid to store API auth failure in
        session log to avoid DoS due high volume of transactions.




git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@9262 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
This commit is contained in:
slerena 2013-12-26 18:55:56 +00:00
parent aefd0694e5
commit 08e85ad68e
2 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
pandora_console/ChangeLog
View File

@ -1,3 +1,8 @@
2013-12-26 Sancho Lerena <slerena@artica.es>
* include/api.php: Avoid to store API auth failure in
session log to avoid DoS due high volume of transactions.
2013-12-19 Sergio Martin <sergio.martin@artica.es>
* include/functions_visual_map.php: Fixed string simple

6
pandora_console/include/api.php
View File

@ -117,7 +117,11 @@ if ($correctLogin) {
}
}
else {
db_pandora_audit("API access Failed", $no_login_msg, $user, $ipOrigin);
// TODO: Implement a new switch in config to enable / disable
// ACL auth failure: if enabled and have lots of traffic can produce millions
// of records and a considerable OVERHEAD in the system :(
//db_pandora_audit("API access Failed", $no_login_msg, $user, $ipOrigin);
sleep (15);
//Protection on DoS attacks