gitea

mirror of https://github.com/go-gitea/gitea synced 2024-11-04 05:09:03 +01:00

History

zeripath e0853d4a21 Add API Token Cache (#16547 ) One of the issues holding back performance of the API is the problem of hashing. Whilst banning BASIC authentication with passwords will help, the API Token scheme still requires a PBKDF2 hash - which means that heavy API use (using Tokens) can still cause enormous numbers of hash computations. A slight solution to this whilst we consider moving to using JWT based tokens and/or a session orientated solution is to simply cache the successful tokens. This has some security issues but this should be balanced by the security issues of load from hashing. Related #14668 Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>	2021-08-17 14:30:42 -04:00
..
doc	Add API Token Cache (#16547 )	2021-08-17 14:30:42 -04:00
page	Fix various documentation, user-facing, and source comment typos (#16367 )	2021-07-08 13:38:13 +02:00

One of the issues holding back performance of the API is the problem of hashing.
Whilst banning BASIC authentication with passwords will help, the API Token scheme
still requires a PBKDF2 hash - which means that heavy API use (using Tokens) can
still cause enormous numbers of hash computations.

A slight solution to this whilst we consider moving to using JWT based tokens and/or
a session orientated solution is to simply cache the successful tokens. This has some
security issues but this should be balanced by the security issues of load from
hashing.

Related #14668

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>

2021-08-17 14:30:42 -04:00

doc

Add API Token Cache (#16547 )

2021-08-17 14:30:42 -04:00

page

Fix various documentation, user-facing, and source comment typos (#16367 )

2021-07-08 13:38:13 +02:00