Closed (fixed)
Project:
Friendly Register
Version:
7.x-1.x-dev
Component:
Miscellaneous
Priority:
Normal
Category:
Feature request
Assigned:
Reporter:
Created:
16 Feb 2012 at 22:55 UTC
Updated:
19 Mar 2012 at 19:30 UTC
I think is a good idea to have a setting to limit the number of times a user can check if username/email exists. That prevent unnecessary requests on db.
Comments
Comment #1
andrew m riley commentedI would agree, I've been toying around with the number to stop at. Ultimately I'll make it configureable but do you have any thoughts on a default number?
Comment #2
PedroMiguel commentedI think 15 is more than enough, even for a very large site. Ideal is to let site admin choose the number, if it takes a lot for you to code, just leave 15 as value and document people must change that value to have more/less attempts.
Comment #3
andrew m riley commentedThats the rub. It will check once per second if something has changed. So if they type two letters per second that would mean they have a maxium of 30 letters to type before they get a flood deny.
I was thinking along the lines of 300 max requests durring a period and a maximum of 1 request per second.
Comment #4
andrew m riley commentedThe initial flood limiting is now in the dev branch. Right now it's hardcoded to 300 but I plan on adding an admin page for that. I haven't tested if the update.php has implemented the schema for previously installed versions.
Things to note: If a user does hit the flood limit then the messages are removed and the timeout is cancelled. I need to do further testing on the two fields interacting.
Comment #5
andrew m riley commentedRight now I'm leaving it in a constant at 300 (in tonights build). Marking this ticket as fixed.