File: control

libcgi-application-plugin-ratelimit-perl 1.0-3
  • area: main
  • in suites: buster, stretch
  • size: 96 kB
  • ctags: 15
  • sloc: perl: 185; makefile: 2
Source: libcgi-application-plugin-ratelimit-perl
Maintainer: Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>
Uploaders: Jaldhar H. Vyas <jaldhar@debian.org>
Section: perl
Testsuite: autopkgtest-pkg-perl
Priority: optional
Build-Depends: debhelper (>= 8)
Build-Depends-Indep: libcgi-pm-perl | perl (<< 5.19),
                     perl,
                     libcgi-application-perl,
                     libclass-accessor-perl,
                     libdbi-perl,
                     libdbd-sqlite3-perl
Standards-Version: 3.9.6
Vcs-Browser: https://anonscm.debian.org/cgit/pkg-perl/packages/libcgi-application-plugin-ratelimit-perl.git
Vcs-Git: git://anonscm.debian.org/pkg-perl/packages/libcgi-application-plugin-ratelimit-perl.git
Homepage: https://metacpan.org/release/CGI-Application-Plugin-RateLimit

Package: libcgi-application-plugin-ratelimit-perl
Architecture: all
Depends: ${misc:Depends},
         ${perl:Depends},
         libcgi-application-perl,
         libclass-accessor-perl
Recommends: libcgi-application-plugin-dbh-perl
Enhances: libcgi-application-perl
Breaks: libcgi-application-extra-plugin-bundle-perl (<< 0.5)
Replaces: libcgi-application-extra-plugin-bundle-perl (<< 0.5)
Description: Perl module for limiting the runmode call rate per user
 CGI::Application::Plugin::RateLimit provides protection against a user
 calling a runmode too frequently. A typical use-case might be a contact form
 that sends email. You'd like to allow your users to send you messages, but
 thousands of messages from a single user would be a problem.
 .
 This module works by maintaining a database of hits to protected runmodes. It
 then checks this database to determine if a new hit should be allowed based
 on past activity by the user. The user's identity is, by default, tied to
 login (via REMOTE_USER) or IP address (via REMOTE_IP) if login info is not
 available. You may provide your own identity function via the
 identity_callback() method.
 .
 To use this module you must create a table in your database with the
 following schema (using MySQL-syntax, although other DBs may work as well
 with minor alterations):
 .
  CREATE TABLE rate_limit_hits (
      user_id   VARCHAR(255)      NOT NULL,
      action    VARCHAR(255)      NOT NULL,
      timestamp INTEGER UNSIGNED  NOT NULL,
      INDEX (user_id, action, timestamp)
   );
 .
 You may feel free to vary the storage-type and size of user_id and action to
 match your usage. For example, if your identity_callback() always returns an
 integer you could make user_id an integer column.
 .
 This table should be periodically cleared of old data. Anything older than the
 maximum timeframe being used can be safely deleted.
 .
 IMPORTANT NOTE: The protection offered by this module is not perfect.
 Identifying a user on the internet is very hard and a sophisticated attacker
 can work around these checks, by switching IPs or automating login creation.
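
The hit-table mechanism described above, as an added example in Python with SQLite (not the module's Perl code and not part of this package): it counts recent hits per identity and action, refuses hits over the limit, and purges rows older than the timeframe. The function names, the index name, the 3-per-60-seconds limit and the choice not to record refused hits are assumptions.

```python
import sqlite3

# The page's table, adapted to SQLite: the inline INDEX clause becomes CREATE INDEX.
SCHEMA = """
CREATE TABLE rate_limit_hits (
    user_id   VARCHAR(255) NOT NULL,
    action    VARCHAR(255) NOT NULL,
    timestamp INTEGER      NOT NULL
);
CREATE INDEX rate_limit_hits_idx ON rate_limit_hits (user_id, action, timestamp);
"""

def open_db(path=":memory:"):
    # isolation_level=None: autocommit, so the transactions below are explicit.
    db = sqlite3.connect(path, isolation_level=None)
    db.executescript(SCHEMA)
    return db

def allow_hit(db, user_id, action, max_hits, timeframe, now):
    """Return True and record the hit if user_id is under max_hits for action
    within the last `timeframe` seconds; return False (recording nothing) if not."""
    db.execute("BEGIN IMMEDIATE")  # write lock: count and insert happen atomically
    try:
        (recent,) = db.execute(
            "SELECT COUNT(*) FROM rate_limit_hits "
            "WHERE user_id = ? AND action = ? AND timestamp > ?",
            (user_id, action, now - timeframe)).fetchone()
        allowed = recent < max_hits
        if allowed:
            db.execute("INSERT INTO rate_limit_hits VALUES (?, ?, ?)",
                       (user_id, action, now))
        db.execute("COMMIT")
        return allowed
    except Exception:
        db.execute("ROLLBACK")
        raise

def purge(db, max_timeframe, now):
    """Delete hits older than the largest timeframe in use; return rows removed."""
    cur = db.execute("DELETE FROM rate_limit_hits WHERE timestamp <= ?",
                     (now - max_timeframe,))
    return cur.rowcount

if __name__ == "__main__":
    db = open_db()
    # Constructed sample: a contact form limited to 3 sends per 60 seconds.
    for t in (0, 10, 20, 30, 61):
        print(t, "alice", allow_hit(db, "alice", "send_mail", 3, 60, t))
    # A different identity (constructed documentation IP) has its own budget.
    print(30, "203.0.113.7", allow_hit(db, "203.0.113.7", "send_mail", 3, 60, 30))
    print("purged", purge(db, 60, 200))
```

Running the count and the insert inside one transaction keeps concurrent requests from the same identity from each passing the check before either hit is stored.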