From e9bba52cb5f7d0a8816138c97774bdafcd86886b Mon Sep 17 00:00:00 2001
From: Beto Dealmeida <roberto@dealmeida.net>
Date: Wed, 9 Aug 2023 18:02:26 -0700
Subject: [PATCH] Add some comments and change values

---
 superset/config.py | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/superset/config.py b/superset/config.py
index 18cbccfd05274..0b70328e0b4c0 100644
--- a/superset/config.py
+++ b/superset/config.py
@@ -266,11 +266,19 @@ def _try_json_readsha(filepath: str, length: int) -> str | None:
 # Configuration for scheduling queries from SQL Lab.
 SCHEDULED_QUERIES: dict[str, Any] = {}
 
-# FAB Rate limiting
+# FAB Rate limiting: this is a security feature for preventing DDOS attacks. The
+# feature is on by default to make Superset secure by default, but you should
+# fine tune the limits to your needs. You can read more about the different
+# parameters here: https://flask-limiter.readthedocs.io/en/stable/configuration.html
 RATELIMIT_ENABLED = True
-AUTH_RATE_LIMITED = True
-AUTH_RATE_LIMIT = "2 per 5 second"
 RATELIMIT_APPLICATION = "50 per second"
+AUTH_RATE_LIMITED = True
+AUTH_RATE_LIMIT = "5 per second"
+# A storage location conforming to the scheme in storage-scheme. See the limits
+# library for allowed values: https://limits.readthedocs.io/en/stable/storage.html
+# RATELIMIT_STORAGE_URI = "redis://host:port"
+# A callable that returns the unique identity of the current request.
+# RATELIMIT_REQUEST_IDENTIFIER = flask.Request.endpoint
 
 # ------------------------------
 # GLOBALS FOR APP Builder