[openstack-dev] [keystone][security] New BP for anti brute force in keystone

Julien Danjou julien at danjou.info
Thu Jan 14 08:52:23 UTC 2016

On Wed, Jan 13 2016, Morgan Fainberg wrote:

> A standard method of rate limiting for OpenStack services would be a good
> thing to figure out.

Apache used as a daemon for WSGI application (e.g. like we do by default
in devstack) has support for rate limit for decades – see mod_ratelimit
for example.
So this is a problem we really want to solve in OpenStack – unless we're
really getting bored or victims of the NIH syndrom.

Now, that does mean that other protection methods (as suggested in the
original blueprint proposal) should not be implemented, but this one
shouldn't be reinvented for sure.

Julien Danjou
# Free Software hacker
# https://julien.danjou.info
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 800 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20160114/fca71659/attachment.pgp>

More information about the OpenStack-dev mailing list