[tor-bugs] #33123 [Applications/GetTor]: Update GetTor's rate limiting
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Jan 31 22:13:54 UTC 2020
#33123: Update GetTor's rate limiting
---------------------------------+--------------------------
Reporter: cohosh | Owner: cohosh
Type: defect | Status: assigned
Priority: Medium | Milestone:
Component: Applications/GetTor | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points: 2
Reviewer: | Sponsor:
---------------------------------+--------------------------
Changes (by cohosh):
* owner: (none) => cohosh
* status: new => assigned
Comment:
Okay, it seems like this was originally intended to be an actual rate
limit, where the function `get_num_requests` was supposed to pull from the
database requests that were in progress from the same email address. The
way it's implemented now, requests are not removed from the table when
they are completed. Instead, the status is updated from `ONHOLD` to
`SENT`.
There's no reason to keep these entries around, especially since we have a
separate table for statistics. I also don't feel good about keeping
records of individual requests, even if the email addresses are hashed.
Emails draw from a low entropy tool and subsequent requests from the same
account are linkable.
I '''think''' just deleting requests once they are handled will fix this.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33123#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list