minor #17135 [Security] Adding info where login attempts are stored (ThomasLandauer)

javiereguiluz · javiereguiluz · commit f83e1d371548 · 2022-10-19T17:44:58.000+02:00
This PR was squashed before being merged into the 5.4 branch. Discussion ---------- [Security] Adding info where login attempts are stored Commits ------- 7ad5d9f [Security] Adding info where login attempts are stored
diff --git a/rate_limiter.rst b/rate_limiter.rst
@@ -360,6 +360,8 @@ the :class:`Symfony\\Component\\RateLimiter\\Reservation` object returned by the
         }
     }
 
+.. _rate-limiter-storage:
+
 Storing Rate Limiter State
 --------------------------
 
diff --git a/security.rst b/security.rst
@@ -1462,6 +1462,10 @@ You must enable this using the ``login_throttling`` setting:
 
     The ``login_throttling.interval`` option was introduced in Symfony 5.3.
 
+Internally, Symfony uses the :doc:`Rate Limiter component </rate_limiter>`
+which by default uses Symfony's cache to store the previous login attempts.
+However, you can implement a :ref:`custom storage <rate-limiter-storage>`.
+
 Login attempts are limited on ``max_attempts`` (default: 5)
 failed requests for ``IP address + username`` and ``5 * max_attempts``
 failed requests for ``IP address``. The second limit protects against an

Original file line number	Diff line number	Diff line change
@@ -360,6 +360,8 @@ the :class:`Symfony\\Component\\RateLimiter\\Reservation` object returned by the
`360`	`360`	`}`
`361`	`361`	`}`
`362`	`362`
	`363`	`+.. _rate-limiter-storage:`
	`364`	`+`
`363`	`365`	`Storing Rate Limiter State`
`364`	`366`	`--------------------------`
`365`	`367`