mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2024-12-23 07:43:18 -05:00
e0853d4a21
One of the issues holding back performance of the API is the problem of hashing. Whilst banning BASIC authentication with passwords will help, the API Token scheme still requires a PBKDF2 hash - which means that heavy API use (using Tokens) can still cause enormous numbers of hash computations. A slight solution to this whilst we consider moving to using JWT based tokens and/or a session orientated solution is to simply cache the successful tokens. This has some security issues but this should be balanced by the security issues of load from hashing. Related #14668 Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> |
||
---|---|---|
.. | ||
attachment.go | ||
cache.go | ||
cors.go | ||
cron.go | ||
cron_test.go | ||
database.go | ||
database_sqlite.go | ||
database_test.go | ||
git.go | ||
indexer.go | ||
indexer_test.go | ||
lfs.go | ||
log.go | ||
mailer.go | ||
markup.go | ||
migrations.go | ||
mime_type_map.go | ||
oauth2_client.go | ||
picture.go | ||
project.go | ||
queue.go | ||
repository.go | ||
service.go | ||
session.go | ||
setting.go | ||
setting_test.go | ||
storage.go | ||
storage_test.go | ||
task.go | ||
webhook.go |