Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Add FakeCredentialGenerator for preventing username enumeration #603

Merged
merged 2 commits into from
Jun 29, 2024

Conversation

Spomky
Copy link
Contributor

@Spomky Spomky commented Jun 28, 2024

The update introduces a FakeCredentialGenerator that generates fake credentials. This addition helps in preventing username enumeration. Furthermore, a SimpleFakeCredentialGenerator implementation, which integrates with caching, and related configuration were provided. The changes were propagated through the different parts of the system as necessary.

Target branch: 4.9.x
Resolves issue: none

  • It is a Bug fix
  • It is a New feature
  • Breaks BC
  • Includes Deprecations

@Spomky Spomky added the enhancement New feature or request label Jun 28, 2024
@Spomky Spomky added this to the 4.9.0 milestone Jun 28, 2024
@Spomky Spomky self-assigned this Jun 28, 2024
@mergify mergify bot added the conflict label Jun 29, 2024
The update introduces a new FakeCredentialGenerator and its simple implementation, SimpleFakeCredentialGenerator, for generating fake credentials. This addition helps prevent username enumeration by providing fake credentials for nonexistent users. Changes have been made across multiple files, including service configuration updates and logic changes in the ProfileBasedRequestOptionsBuilder.
@Spomky Spomky force-pushed the features/fake-credentials branch from 85a1732 to c55149c Compare June 29, 2024 07:35
@mergify mergify bot removed the conflict label Jun 29, 2024
The update introduces a new FakeCredentialGenerator and its simple implementation, SimpleFakeCredentialGenerator, for generating fake credentials. This addition helps prevent username enumeration by providing fake credentials for nonexistent users. Changes have been made across multiple files, including service configuration updates and logic changes in the ProfileBasedRequestOptionsBuilder.
@Spomky Spomky merged commit 51b7a85 into 4.9.x Jun 29, 2024
13 of 15 checks passed
@Spomky Spomky deleted the features/fake-credentials branch June 29, 2024 12:22
# for free to join this conversation on GitHub. Already have an account? # to comment
Labels
enhancement New feature or request
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant