andrewmusselman commented on issue #23: URL: https://github.com/apache/tooling-agents/issues/23#issuecomment-4392771717

**False positives identified**

Issue: FINDING-001 - Authentication documentation completely lacks rate limiting, anti-automation, and account lockout guidance
Issue: FINDING-002 - No rate limiting or brute force protection on authentication endpoints
Issue: FINDING-003 - System-generated passwords use non-cryptographic PRNG (random.choices)
Issue: FINDING-004 - System-generated initial passwords never expire and become permanent credentials
Issue: FINDING-010 - No Security Headers Middleware for Content Interpretation Prevention

For audit guidance, use https://github.com/apache/airflow/blob/main/AGENTS.md#security-model for example.
