Merge branch '5.4' into 6.0

javiereguiluz · javiereguiluz · commit 885e9c3b4312 · 2022-10-19T17:46:10.000+02:00
* 5.4:
  [Security] Adding info where login attempts are stored
diff --git a/rate_limiter.rst b/rate_limiter.rst
@@ -356,6 +356,8 @@ the :class:`Symfony\\Component\\RateLimiter\\Reservation` object returned by the
         }
     }
 
+.. _rate-limiter-storage:
+
 Storing Rate Limiter State
 --------------------------
 
diff --git a/security.rst b/security.rst
@@ -1414,6 +1414,10 @@ You must enable this using the ``login_throttling`` setting:
     units accepted by the `PHP date relative formats`_ (e.g. ``3 seconds``,
     ``10 hours``, ``1 day``, etc.)
 
+Internally, Symfony uses the :doc:`Rate Limiter component </rate_limiter>`
+which by default uses Symfony's cache to store the previous login attempts.
+However, you can implement a :ref:`custom storage <rate-limiter-storage>`.
+
 Login attempts are limited on ``max_attempts`` (default: 5)
 failed requests for ``IP address + username`` and ``5 * max_attempts``
 failed requests for ``IP address``. The second limit protects against an

Original file line number	Diff line number	Diff line change
@@ -356,6 +356,8 @@ the :class:`Symfony\\Component\\RateLimiter\\Reservation` object returned by the
`356`	`356`	`}`
`357`	`357`	`}`
`358`	`358`
	`359`	`+.. _rate-limiter-storage:`
	`360`	`+`
`359`	`361`	`Storing Rate Limiter State`
`360`	`362`	`--------------------------`
`361`	`363`