Issue 1: Ambiguity in Login Rate Limits
The code-server FAQ states:
code-server supports setting a single password and limits logins to two per minute plus an additional twelve per hour.
This language is somewhat ambiguous and leaves room for interpretation. For example:
Are successful logins also part of the rate limit?
Are failed logins excluded from the rate limit?
Proposed Solution
To clarify, the FAQ could be revised as follows:
code-server supports setting a single password and limits all logins (successful or unsuccessful) to two per minute plus an additional twelve per hour.
Issue 2: Configuration File Permissions
When starting code-server, the generated configuration file is created with permissions that allow other users on the system to view the file. This can potentially expose the user’s password.
Proposed Solution
Ensure that the configuration file is created with stricter permissions, making it readable and writable only by the user running code-server.
Alternatively, provide a clear warning in the documentation about this behavior so users can manually adjust permissions.
Additional Feature Suggestion
As someone who prioritizes tight security but does not want to limit successful logins, it would be ideal to:
Customize rate limit settings.
Configure integration with fail2ban for more comprehensive security.
These enhancements would provide significant benefits for users who require fine-grained control over security policies.