Comment 5 for bug 1178063

Kurt Seifried (kseifried) wrote :

So it looks like for every user action (e.g. login/logout) tokens are generated. How fast can a user log in and out? I'm guessing through the API and a high-speed network connection they can do this pretty fast (especially since they can run it concurrently?). This issue may be security related if an attacker can cause enough tokens to be created to trigger a denial of service condition. Also, how do we flag public bugs with the "security" tag? (I don't want to make it private, I just want to make sure the right people see it.)