Severin Glöckle

16 comments by Severin Glöckle

To provide a starting point for discussing the concept and to show some of the benefits, I have provided an example of how to use the new schemas in `DataContainer::generateButtons`...

As discussed in the Contao call, the operations should be removed from the view. In the future, the URI in the show popup should become a clickable link. This requires...

Follow-up adjustments to `DC_Table::show` should be delayed until a decision has been made about the future of the system log (see https://github.com/contao/contao-manager/issues/84 and https://github.com/contao/contao/pull/3702#issuecomment-976323815). Since both `URI` and `page ID`...

The implementation of the system logger service in #3702 does not influence this pull request. I update the `tl_log.uri` field to be in line with https://github.com/contao/contao/pull/3812. An option to jump...

There is still one case unhandled: If a page with `tl_page.requireItem=1` is visible in any navigation, the `RouteParametersException` is thrown, but handled within `Module::renderNavigation` resulting in the page not being...

Thanks for the update @fritzmg! This pull request fixes the handling of pages with `tl_page.requireItem`. These pages are routable, but only with a proper parameter which is not available in...

I had given some thought to this a few weeks ago. As far as I know, there is no out-of-the-box solution for password spraying. However, Symfony 5.2 has introduced a...

Let's first distinguish between two possible attacks:

- Password spraying: One (or more) common passwords are spammed across many different account names.
- Credential stuffing: A list of common combinations...

> If we only allow one password per bucket, wouldn't that be a problem if I mistype my username (and try again) but entered a correct password? Since a bucket...

A per-password rate limiter provides a pretty high protection against denial of service attacks targeting the point of authentication. However, as @ausi suggested in https://github.com/contao/contao/issues/3821#issuecomment-1003576897, there probably should be rate...