Commit a930fc1
committed
Fix security and robustness issues in nice-url feature
Security fixes:
- Fix #1: Race condition in register_or_update_for_deployment - now uses
atomic database transaction to prevent subdomain loss on failed updates
- Fix #2: Information disclosure - reserved subdomains now return generic
"not available" message to prevent enumeration attacks
- Fix #3: API rate limiter - added per-IP secondary limit that cannot be
bypassed by rotating browser fingerprints
- Fix #4: Rate limiter emergency purge - now uses gradual purge that only
removes stale entries (>60s old) instead of arbitrary half, preventing
attackers from evicting legitimate users
Additional improvements:
- Added new client rate limiting to detect identifier flooding attacks
- Updated frontend error code translations for consistent generic messages
- Updated tests to reflect new generic error messages1 parent 30d956b commit a930fc1
5 files changed
Lines changed: 553 additions & 108 deletions
File tree
- operations-manager/python
- opi
- api
- connectors
- templates
- web
- tests
0 commit comments