From 5cb03c40ea56bd20ac7df3e4d7dde4fd19365f8d Mon Sep 17 00:00:00 2001 From: lee Date: Fri, 6 Mar 2020 11:42:56 +0000 Subject: [PATCH] adding rate limiting --- subjects/forum/forum-security.audit.en.md | 2 ++ subjects/forum/forum-security.en.md | 5 +++++ 2 files changed, 7 insertions(+) diff --git a/subjects/forum/forum-security.audit.en.md b/subjects/forum/forum-security.audit.en.md index bd1639c49..e29e5a07f 100644 --- a/subjects/forum/forum-security.audit.en.md +++ b/subjects/forum/forum-security.audit.en.md @@ -10,6 +10,8 @@ ###### Is the [server](https://golang.org/pkg/net/http/#Server) timeout reduced (Read, write and IdleTimeout)? (enabling attackers to take their time) +###### Does the project implement [Rate limiting](https://en.wikipedia.org/wiki/Rate_limiting) (avoiding [DoS attacks](https://en.wikipedia.org/wiki/Denial-of-service_attack))? + ##### Try to access the database. ###### Does the database present a password for protection? diff --git a/subjects/forum/forum-security.en.md b/subjects/forum/forum-security.en.md index b6fc84870..2e54d6fbc 100644 --- a/subjects/forum/forum-security.en.md +++ b/subjects/forum/forum-security.en.md @@ -14,10 +14,15 @@ For this project you must take into account the security of your forum. - Database, for this will have to create a password for your database and encrypt the communication channel. - Clients session cookies should be unique. For instance, the session state is stored on the server and the session should present an unique identifier. This way the client has no direct access to it. Therefore, there is no way for attackers to read or tamper with session state. +- The implementation of [Rate Limiting](https://en.wikipedia.org/wiki/Rate_limiting) must be present on this project + This project will help you learn about : - HTTPS - [Cipher suites](https://www.iana.org/assignments/tls-parameters/tls-parameters.xml) +- Goroutines +- Channels +- Rate Limiting - Encryption - password - session/cookies
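Review bot: the new audit question in forum-security.audit.en.md is not checkable as written. It asks whether rate limiting is implemented but gives the auditor nothing to observe, unlike the neighbouring timeout item, which names the concrete settings to inspect (Read, Write and IdleTimeout). Suggest phrasing it as something the auditor can do and expect, for example: `###### Does the server reject or delay requests from a single client that exceed a stated number of requests per time window (for instance by answering with HTTP 429 Too Many Requests instead of processing them)?`. The parenthetical "(avoiding [DoS attacks](...))" also overstates what per-client rate limiting buys: it bounds abuse from one client and does not stop a distributed attack, so "mitigating" is the accurate word. Minor: this heading writes "Rate limiting" while the second file writes "Rate Limiting"; pick one spelling.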
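Review bot: the added requirement bullet in forum-security.en.md is underspecified. It says rate limiting "must be present" but not what is limited (every request, a particular endpoint, login attempts, per client or globally), what limit and window are expected, or what a limited client should receive, so neither the student nor the audit can tell when the requirement is met. Suggest a concrete statement such as: `- The project must implement [Rate Limiting](https://en.wikipedia.org/wiki/Rate_limiting) so that a single client cannot exceed a defined number of requests within a time window; requests over the limit must be rejected rather than processed.` The line is also the only bullet in that list without a terminal period, and "on this project" should read "in this project". Separately, the three added learning items "Goroutines", "Channels" and "Rate Limiting" have no supporting text: nothing in the requirements mentions goroutines or channels, so either add a sentence stating that the limiter is expected to be built with them or drop those two items.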