Fleet Desktop guide (#32250)

- Brute forcing the device token is effectively impossible
Noah Talerman 2025-08-29 03:33:45 -07:00 committed by GitHub
parent 880798b6c8
commit 5f621218f1
No known key found for this signature in database
GPG key ID: B5690EEEBB952194

@ -33,9 +33,11 @@ Requests sent by Fleet Desktop and the web page that opens when clicking on the
The server uses this token to authenticate requests that give host information. Fleet uses the following methods to secure access to this information.
Brute-forcing this UUID would take longer than the universe has existed, even with the fastest computers imaginable.
**Rate limiting**
To prevent brute-forcing, Fleet rate-limits the endpoints used by Fleet Desktop on a per-IP basis. If an IP requests more than 720 invalid UUIDs in a one-hour interval, Fleet will return HTTP error code 429.
To prevent brute-forcing attempts, Fleet rate-limits the endpoints used by Fleet Desktop on a per-IP basis. If an IP requests more than 720 invalid UUIDs in a one-hour interval, Fleet will return HTTP error code 429.
**Token rotation**
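Review bot: The added sentence "Brute-forcing this UUID would take longer than the universe has existed, even with the fastest computers imaginable" (just above the **Rate limiting** heading) makes an unquantified claim, and it calls the credential "this UUID" where the preceding line calls it "this token". Suggest naming the token format once and stating how many of its bits are random and how they are generated, so a reader can check the claim against the limit of 720 invalid UUIDs per hour described in the next paragraph. Since that limit is per IP, it would also help to say whether the estimate assumes a single source or still holds when guessing is spread across many addresses.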