Open Yoric opened 3 years ago
Synapse already has rate-limiting on registrations (see https://github.com/matrix-org/synapse/blob/develop/docs/sample_config.yaml#L766-L805) though it's ratelimiting on the user's IP address. If I understand it correctly your suggestion would be to have something like this but global to the server; which sounds like an interesting thing to have but we probably want to think better about the design and defaults of this feature so that it's not confusing for Synapse admins.
On the error code and client behaviours, you probably want to open a separate issue on https://github.com/matrix-org/matrix-doc since this is more of a spec thing than a backend one.
If I understand it correctly your suggestion would be to have something like this but global to the server; which sounds like an interesting thing to have but we probably want to think better about the design and defaults of this feature so that it's not confusing for Synapse admins.
You understand correctly and I agree that it needs more thinking.
On the error code and client behaviours, you probably want to open a separate issue on https://github.com/matrix-org/matrix-doc since this is more of a spec thing than a backend one.
Was lazy. Will do :)
Thanks! :)
A simple measure could decrease the ability for malicious users to DDoS federation: throttling new account registrations.
Example behaviour
max_registrations_per_minute
, defaulting to 1.This may require:
M_SERVER_BUSY
;