On 2022-11-04 08:34, [email protected] wrote:
Hi All,
I am looking for some help to make the below changes to RC.
1) Prevent concurrent login of same user.
2) Rate limiting
3) Not show the token parameter in the URL after logout.
I cannot post this on the forum as it does not allow me to register.
Any help/leads would be appreciated.
Thanks,
-Vinay
_______________________________________________
Roundcube Users mailing list
[email protected]
http://lists.roundcube.net/mailman/listinfo/users
Hi Vinay,
For login rate limiting, refer to defaults config file, there is a login
rate limiting option, copy it to main config and adjust it as you want.
For concurrent login, not sure exactly what you meant, but you can
implement tracking functionality e.g. every time a user logs in and out,
log it in a db and when there is more than one entry, disallow login.
If you want to just disallow login in same e.g. ms or seconds, you might
be able to achieve it via setting login rate limiting to one, I think it
should work, otherwise you need to check sessions table entries every
time a user attempts to login and check its date, disallow login if
there is entry with spscific date.
About token parameter, someone else might be able to help, given I need
to examine the roundcube code but I think its doable, if you check
logout command code logic and adjust accordingly.
Good luck.
Zakaria.
_______________________________________________
Roundcube Users mailing list
[email protected]
http://lists.roundcube.net/mailman/listinfo/users
