@tarekis and I recently discussed some of the different cases which could occur when using this bundle and agreed on two things:
A
To show the user a reasonable / helpful error it would probably be a good idea to include the time a user is blocked in the event.
B
Consider the following scenario: A user hits the rate limit and is blocked for e.g. an hour. At the moment the time he is blocked will be reset every time he tries again. This could be the right thing but on the other hand we should also consider users that just wanted to know if it's working now. I think it probably depends mostly on the type of project and how much security-related pressure is on the site. So how about making it configurable whether the period of time a user is blocked for should be increased or be left unchanged.
@atroy What do you think?
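
The two behaviours from point B side by side, with the remaining block time from point A carried in the returned event. This is an added example, not part of the issue or the bundle's code: `Limiter`, `BlockEvent`, `extend_on_retry` and the sample timings are hypothetical names and values, and Python is used only for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class BlockEvent:
    """Hypothetical event payload carrying the remaining block time (point A)."""
    key: str
    retry_after: float  # seconds until the block expires

@dataclass
class Limiter:
    limit: int              # attempts allowed per window
    window: float           # window length in seconds
    block_for: float        # block duration in seconds
    extend_on_retry: bool   # point B: the proposed configuration switch
    _hits: dict = field(default_factory=dict)
    _blocked_until: dict = field(default_factory=dict)

    def attempt(self, key, now):
        """Return None if the attempt is allowed, else a BlockEvent."""
        until = self._blocked_until.get(key)
        if until is not None:
            if now < until:
                if self.extend_on_retry:
                    # Current behaviour described in the issue: retry resets the block.
                    until = now + self.block_for
                    self._blocked_until[key] = until
                return BlockEvent(key, until - now)
            # Block has expired: forget it and start a fresh window.
            del self._blocked_until[key]
            self._hits.pop(key, None)
        hits = [t for t in self._hits.get(key, []) if now - t < self.window]
        hits.append(now)
        self._hits[key] = hits
        if len(hits) > self.limit:
            self._blocked_until[key] = now + self.block_for
            return BlockEvent(key, self.block_for)
        return None

def simulate(extend_on_retry):
    """Constructed scenario: 3 attempts allowed, 1-hour block, one retry after 30 minutes."""
    lim = Limiter(limit=3, window=60.0, block_for=3600.0, extend_on_retry=extend_on_retry)
    for t in (0, 1, 2):
        lim.attempt("alice", t)
    first = lim.attempt("alice", 3)      # 4th attempt: blocked until t=3603
    retry = lim.attempt("alice", 1803)   # user checks whether it works again
    after = lim.attempt("alice", 3604)   # just past the original expiry
    return first.retry_after, retry.retry_after, after
```

With `extend_on_retry=False` the retry reports 1800 seconds remaining and the attempt at t=3604 succeeds; with `True` the retry reports a full 3600 seconds again and the user is still blocked at t=3604.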