author | kelvinp@chromium.org <kelvinp@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-04-07 22:33:28 +0000 |
---|---|---|
committer | kelvinp@chromium.org <kelvinp@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-04-07 22:33:28 +0000 |
commit | 064128c1d8c7a3fb1d4ceaae996891130f2cf171 (patch) | |
tree | ef143838848f3d3d28c7c8d327cc21828c3e43a1 /remoting/protocol/client_control_dispatcher.h | |
parent | 57baec29d609c0e1ae53dea806e5fbcc70f83ed6 (diff) | |
Cause:
To prevent a malicious client from guessing the PIN by spamming the host with bogus logins, the chromoting host can throttle incoming requests after too many unsuccessful login attempts. In the current implementation, every time there is an incoming request, we start incrementing the bad login counter, regardless of whether the host has actually started authenticating.
Fix:
This change adds an extra flag on the authenticator to indicate whether authentication has started.
The JingleSession checks the flag and propagates the message back all the way up to the host through the callback Session::OnSessionAuthenticationBegin.
BUG=350208
Review URL: https://codereview.chromium.org/205583011
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@262228 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'remoting/protocol/client_control_dispatcher.h')
0 files changed, 0 insertions, 0 deletions
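
The behaviour change described in the commit message, modelled as an added example (not code from this commit or from Chromium). `LoginThrottle`, `Event`, `Replay`, the threshold of 5 and both event streams are hypothetical and constructed for illustration.

```cpp
#include <iostream>
#include <vector>

// Hypothetical model of a host-side bad-login counter.
struct LoginThrottle {
  explicit LoginThrottle(int max) : max_failures(max) {}
  int max_failures;  // assumed threshold before requests are rejected
  int failures = 0;
  bool ShouldReject() const { return failures >= max_failures; }
  void NoteAttempt() { ++failures; }   // counted until proven successful
  void NoteSuccess() { failures = 0; }
};

enum class Event { kIncoming, kAuthBegin, kAuthOk };

// Replays an event stream and returns how many incoming requests were
// rejected. count_on_incoming=true models the behaviour before the fix.
int Replay(const std::vector<Event>& events, bool count_on_incoming,
           int max_failures) {
  LoginThrottle throttle(max_failures);
  int rejected = 0;
  bool session_open = false;
  for (Event e : events) {
    if (e == Event::kIncoming) {
      session_open = !throttle.ShouldReject();
      if (!session_open) ++rejected;
      else if (count_on_incoming) throttle.NoteAttempt();
    } else if (e == Event::kAuthBegin) {
      // After the fix, only sessions that began authenticating count.
      if (session_open && !count_on_incoming) throttle.NoteAttempt();
    } else if (session_open) {  // kAuthOk
      throttle.NoteSuccess();
    }
  }
  return rejected;
}

// Constructed stream: five requests that never start authenticating,
// followed by one legitimate login.
std::vector<Event> IdleThenLogin() {
  std::vector<Event> v(5, Event::kIncoming);
  v.insert(v.end(), {Event::kIncoming, Event::kAuthBegin, Event::kAuthOk});
  return v;
}

int main() {
  std::cout << "before fix, rejected: " << Replay(IdleThenLogin(), true, 5) << "\n";
  std::cout << "after fix, rejected:  " << Replay(IdleThenLogin(), false, 5) << "\n";
}
```

Repeated attempts that do begin authenticating and never succeed are throttled the same way under both settings, so the fix only stops unauthenticated connections from locking out the legitimate user.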