Skip to content
This repository has been archived by the owner on Feb 10, 2023. It is now read-only.

Rate Limit for user logins #20

Open
mellowagain opened this issue Oct 7, 2018 · 1 comment
Open

Rate Limit for user logins #20

mellowagain opened this issue Oct 7, 2018 · 1 comment
Labels
feature: io type: suggestion Issues which suggest various features
Milestone
Backlog

Comments

@mellowagain
Copy link
Owner

mellowagain commented Oct 7, 2018
edited
Loading

@cyanidee and me have decided to stress test Shiro. We have used the following:

  • 102 successful login tries
  • 100ms pause between the hits

Shiro was able to correctly process all 102 login tries for about 20 seconds before resulting in a segmentation fault.

This means that Shiro was able to process (102 * (20 * (1000 / 2))) = 1'020'000 login retries within 20 seconds perfectly without any hiccups. The CPU and RAM usage was not measured as my system monitor didn't update fast enough to notice any major difference to before hitting.

Now this is already a great number considering Ripple, the most widespread cho-protocol implementation server, crashes with just 5 successful tries every second within 20 seconds (tested by @cyanidee).

To prevent further crashes by running out of memory, implementation of rate limit is suggested.
@mellowagain mellowagain added type: suggestion Issues which suggest various features feature: io status: low priority labels Oct 7, 2018
@mellowagain mellowagain added this to the Backlog milestone Oct 7, 2018
@RenovaDeus

This comment has been minimized.

Sign in to view
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
feature: io type: suggestion Issues which suggest various features
Projects
None yet
Milestone
Backlog
Development

No branches or pull requests
2 participants
@RenovaDeus @mellowagain