SignonIdentity now only allows one failed verifySecret call per second and maximum...
authorRauli Ikonen <rauli.ikonen@nixuopen.org>
Tue, 22 Feb 2011 15:02:44 +0000 (17:02 +0200)
committerRauli Ikonen <rauli.ikonen@nixuopen.org>
Tue, 22 Feb 2011 15:02:44 +0000 (17:02 +0200)
commit4ec7b445c1ab757eb05793d3e3603c19fe43f8ca
tree9b37739030ac44c95efd53b3d5a3fffc6d3c37fe
parent9c146ef824fe23ae804b9556ce967ca719ce5b9c
SignonIdentity now only allows one failed verifySecret call per second and maximum of 10 simultaneously pending calls. This makes verifySecret less attractive for trying to brute-force passwords. Fixes https://bugs.meego.com/show_bug.cgi?id=12441
src/signond/signondaemon.cpp
src/signond/signondaemon.h
src/signond/signonidentity.cpp
src/signond/signonidentity.h
tests/libsignon-qt-tests/ssotestclient.cpp
tests/libsignon-qt-tests/testidentityresult.cpp
tests/libsignon-qt-tests/testidentityresult.h