mirror of
https://github.com/the-djmaze/snappymail.git
synced 2026-07-13 03:27:39 +03:00
Improved loginErrorDelay to prevent timing attacks
This commit is contained in:
parent
c4df524a06
commit
b859cd6aec
4 changed files with 9 additions and 13 deletions
|
|
@ -281,7 +281,9 @@ fetch_new_messages = On
|
||||||
; Display message RFC 2822 date and time header, instead of the arrival internal date.
|
; Display message RFC 2822 date and time header, instead of the arrival internal date.
|
||||||
date_from_headers = On
|
date_from_headers = On
|
||||||
allow_message_append = Off
|
allow_message_append = Off
|
||||||
login_fault_delay = 1
|
|
||||||
|
; When login fails, wait N seconds before responding
|
||||||
|
login_fault_delay = 5
|
||||||
log_ajax_response_write_limit = 300
|
log_ajax_response_write_limit = 300
|
||||||
allow_html_editor_biti_buttons = Off
|
allow_html_editor_biti_buttons = Off
|
||||||
allow_ctrl_enter_on_compose = On
|
allow_ctrl_enter_on_compose = On
|
||||||
|
|
|
||||||
|
|
@ -890,19 +890,14 @@ class Actions
|
||||||
return $aResult;
|
return $aResult;
|
||||||
}
|
}
|
||||||
|
|
||||||
protected function requestSleep(int $iDelay = 1): void
|
|
||||||
{
|
|
||||||
$time = \microtime(true) - $_SERVER['REQUEST_TIME_FLOAT'];
|
|
||||||
if ($iDelay > $time) {
|
|
||||||
\usleep(\intval(($iDelay - $time) * 1000000));
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
protected function loginErrorDelay(): void
|
protected function loginErrorDelay(): void
|
||||||
{
|
{
|
||||||
$iDelay = (int) $this->oConfig->Get('labs', 'login_fault_delay', 0);
|
$iDelay = (int) $this->oConfig->Get('labs', 'login_fault_delay', 0);
|
||||||
if (0 < $iDelay) {
|
if (0 < $iDelay) {
|
||||||
$this->requestSleep($iDelay);
|
$seconds = $iDelay - (\microtime(true) - $_SERVER['REQUEST_TIME_FLOAT']);
|
||||||
|
if (0 < $seconds) {
|
||||||
|
\usleep(\intval($seconds * 1000000));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -128,7 +128,6 @@ trait Attachments
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
// $this->requestSleep();
|
|
||||||
return $this->DefaultResponse($bError ? false : $mResult);
|
return $this->DefaultResponse($bError ? false : $mResult);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -379,7 +379,7 @@ Enables caching in the system'),
|
||||||
'labs' => array(
|
'labs' => array(
|
||||||
'date_from_headers' => array(true, 'Display message RFC 2822 date and time header, instead of the arrival internal date.'),
|
'date_from_headers' => array(true, 'Display message RFC 2822 date and time header, instead of the arrival internal date.'),
|
||||||
'allow_message_append' => array(false),
|
'allow_message_append' => array(false),
|
||||||
'login_fault_delay' => array(1),
|
'login_fault_delay' => array(5, 'When login fails, wait N seconds before responding'),
|
||||||
'log_ajax_response_write_limit' => array(300),
|
'log_ajax_response_write_limit' => array(300),
|
||||||
'allow_html_editor_biti_buttons' => array(false),
|
'allow_html_editor_biti_buttons' => array(false),
|
||||||
'allow_ctrl_enter_on_compose' => array(true),
|
'allow_ctrl_enter_on_compose' => array(true),
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue