shaneed

  • 85
shaneed
 added a discussion 

Good day!

I am trying to limit the search attempts as user can perform in a short period of time (anti search flood), if that is possible, because this can significantly slow down the server if too many queries are being performed, or if someone is being ill intended, especially if there doesn't seem to be any setting of limiting the minimum input characters inside the persons search form. I am really concerned about this. Any suggestion is welcome. Thank you.

  • 118
shaneed
 added a discussion 

Good day. I discovered that the refresh_token in table bx_oauth_refresh_tokens are all set to expire in 3 months and the table is getting filled with lots of unnecessary refresh tokens.
For example a token generated on 29th May at 1:52 AM  in table is set to expire on 26th August at 11:52 PM. That means that each time the access token is used, a new refresh token is being inserted in the database. 

How can I avoid having millions of different refresh tokens in the table? For example a single user_id has 5 or even more refresh_tokens assigned to it

The cURL command i use for authenticating my users is curl -X POST "[SITEURL]m/oauth2/token?" -d "grant_type=password&username=[mail address]&password=[mypassword]&client_id=[cliendID]&scope=basic"



  • 176
Achievements

Ninja

Total points: 149

301.1 point(s) to reach
Info
Friends count:
Full Name:
shaneed
Followers count:
Membership
Standard
My Discussions
  •  ·  118
  •  · 
Good day!I am trying to limit the search attempts as user can perform in a short period of time (ant…
  •  · 
  •  · 
  •  · Yes, good idea - https://github.com/unaio/una/issues/2893
  •  ·  176
  •  · 
Good day. I discovered that the refresh_token in table bx_oauth_refresh_tokens are all set to expire…
  •  · 
  •  · 
  •  · For now it's hardcoded to 90 days, we'll add setting to change lifetime for refresh_tokenhttps://git…

UNA - Social Media Software Framework

Close