feat(security): add Memcached-based rate limiting for remember-token auto-login
Prevents brute-force attacks against remember-me cookies. Uses Memcached (Cache::add + increment) to track failures per IP: 5 attempts in 15 min window, auto-expiring via TTL. Counter resets on successful auto-login. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -80,7 +80,8 @@ class AuthServicesFactory
|
||||
$this->sessionStore,
|
||||
$this->cookieStore,
|
||||
$this->requestRuntime,
|
||||
$this->authGatewayFactory->createAuthSettingsGateway()
|
||||
$this->authGatewayFactory->createAuthSettingsGateway(),
|
||||
new RememberMeRateLimiter()
|
||||
);
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user