Comment # 8 on bug 1078111 from
(In reply to Matthias Gerstner from comment #7)
> Hello Nicolas,

Hello Matthias,

> > We also have to keep in mind that trytond can run in multiple environments:
> > Linux, BSD and there might even be a few people using Windows; of course this
> > doesn't concern openSUSE but it concerns us.
> 
> I understand. This is easily forgotten but I know myself how difficult cross
> platform development can be.
> 
> Would you accept a configurable approach? Keep the default as it is but allow
> users or integrators that run Linux to select a different behaviour that
> avoids the discussed effect on the database?

Well, for us the main issue with the patch applied is the removal of the brute
force protection. And according to us, this protection is more important than
the protection against a potential DDOS (because against DDOS you have to act
on multiple levels thus somehow we are less concerned about that).

And of course, if SUSE wants to add a patch that protects its users better
without hindering the base protection that we give, this is fine for us too :).

> > A solution to mitigate the growth of the LoginAttempt table might be to keep
> > track of the IP making the attempt and keep at most X attempts from the
> > same IP. In fact after some research it seems that it is the solution that
> > drupal chose:
> 
> If it works for Drupal then it may be the right thing to do. Quick research
> suggests there are also some pitfalls here like multiple users sharing the
> same IP or using proxies to circumvent the protection.

Cédric created a bug regarding this issue: https://bugs.tryton.org/issue7110

When we discussed it we talked about a configuration parameter that would allow
defining the size of the subnet that would be banned. The number of failed
attempts will also be a configuration parameter.

In fact providing a patch for this issue will only slightly reduce the attack
surface but I am afraid that against DDOS trytond cannot handle everything by
itself.

> I'm sure all of you can work out a solution that addresses both concerns.

I sure hope that we can. Thank you very much for stepping into this debate;
it helps to have the opinion of other (somehow less concerned) developers.

> I think both parties can agree upon that there is an attack surface here but
> also that it can't be fixed so simply (with regard to the proposed patch).
> While OS level DoS protection is certainly best practice, an improved
> implementation would benefit tryton and serve as a defense in depth measure.

We all agree on that I think. But putting the cursor on the right level of
protection is difficult and a subject of heated debate as you saw.
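As an added illustration, not trytond's code and not the patch under discussion, this is one way the per-subnet bounded tracking described in this comment could look in Python; the class name LoginAttemptStore and its parameters prefix_len, max_attempts and window are hypothetical.

```python
# Added illustration (not trytond's code): failed logins are grouped by a
# configurable subnet and at most `max_attempts` rows are kept per subnet, so
# the store cannot grow without bound while the lockout still applies.
import ipaddress
from collections import deque
from datetime import datetime, timedelta, timezone


class LoginAttemptStore:
    """Hypothetical bounded replacement for an unbounded LoginAttempt table.

    prefix_len:   subnet size to aggregate on (24 = /24, 32 = single IPv4 host)
    max_attempts: failures inside `window` after which the subnet is locked
    """

    def __init__(self, prefix_len=24, max_attempts=5, window=timedelta(minutes=10)):
        self.prefix_len = prefix_len
        self.max_attempts = max_attempts
        self.window = window
        # subnet -> bounded deque of failure timestamps (oldest dropped when full)
        self._failures = {}

    def _key(self, ip):
        # Normalise the client address to its enclosing subnet; strict=False
        # lets host bits be present in the address we are given.
        return str(ipaddress.ip_network(f"{ip}/{self.prefix_len}", strict=False))

    def record_failure(self, ip, now=None):
        now = now or datetime.now(timezone.utc)
        q = self._failures.setdefault(self._key(ip), deque(maxlen=self.max_attempts))
        q.append(now)  # deque evicts the oldest entry once full: bounded storage
        return len(q)

    def record_success(self, ip):
        # A successful login clears the failure history for that subnet.
        self._failures.pop(self._key(ip), None)

    def is_locked(self, ip, now=None):
        now = now or datetime.now(timezone.utc)
        q = self._failures.get(self._key(ip))
        if not q:
            return False
        # Only failures inside the window count; older rows are ignored.
        recent = [t for t in q if now - t <= self.window]
        return len(recent) >= self.max_attempts

    def stored_rows(self):
        # Upper bound: number of distinct subnets seen * max_attempts.
        return sum(len(q) for q in self._failures.values())
```

Sharing one counter per subnet also means a single misbehaving host can lock out its neighbours, which is the proxy/shared-IP pitfall mentioned above; the prefix length is what lets an integrator choose where to put that cursor.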
