The login flow calls the API multiple times. Adding rate limiting there helps with: - Brute-force attacks - Repeated calls to the authentication API, which reduces server load - Cost savings on API requests
Adding rate limiting to the login flow significantly hardens security by preventing automated scripts from spamming the authentication API. Allow at most 5 tries every 10 minutes. Each failed login doubles the wait time before the next attempt is accepted (1s, 2s, 4s, 8s, ...). After many failures, lock the account and require email confirmation to unlock it. Send a "someone tried to log in to your account" email for security purposes.
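One way to implement the scheme above, as an added example that is not part of the original post or of any project's code. It combines the three controls in one per-account limiter: a sliding window of at most 5 attempts per 10 minutes, a wait time that doubles after every consecutive failure, and a lockout that can only be cleared by email confirmation. Assumptions not in the post: the lockout threshold of 10 consecutive failures (the post only says "after many times"), a cap of 5 minutes on the doubling wait, an in-memory store, an injectable clock so the behaviour can be tested without sleeping, and a `notifications` list standing in for the real email sender.

```python
import time
from collections import deque
from dataclasses import dataclass, field

WINDOW_SECONDS = 10 * 60          # "max 5 tries every 10 minutes"
MAX_ATTEMPTS_PER_WINDOW = 5
BASE_BACKOFF_SECONDS = 1.0        # failures double the wait: 1s, 2s, 4s, 8s, ...
MAX_BACKOFF_SECONDS = 300.0       # assumption: cap the doubling at 5 minutes
LOCKOUT_AFTER_FAILURES = 10       # assumption: the post only says "after many times"


@dataclass
class AccountState:
    attempts: deque = field(default_factory=deque)  # timestamps of processed attempts
    consecutive_failures: int = 0
    next_allowed_at: float = 0.0                    # earliest time the next attempt is accepted
    locked: bool = False                            # cleared only by confirm_email()


class LoginRateLimiter:
    def __init__(self, clock=time.monotonic):
        self._clock = clock          # injectable for tests; monotonic so wall-clock changes cannot bypass it
        self._accounts = {}
        self.notifications = []      # constructed stand-in for an email sender: (account, message)

    def _state(self, account):
        return self._accounts.setdefault(account, AccountState())

    def check(self, account):
        """Decide whether a login attempt may proceed.

        Returns (allowed, reason, retry_after_seconds). Callers should answer a
        rejected attempt with HTTP 429 and a Retry-After header built from the
        third value, before the password is ever verified.
        """
        now = self._clock()
        st = self._state(account)
        if st.locked:
            return False, "locked_pending_email_confirmation", None
        if now < st.next_allowed_at:
            return False, "backoff", st.next_allowed_at - now
        # Drop attempts that have aged out of the sliding window.
        while st.attempts and now - st.attempts[0] >= WINDOW_SECONDS:
            st.attempts.popleft()
        if len(st.attempts) >= MAX_ATTEMPTS_PER_WINDOW:
            return False, "window_exhausted", WINDOW_SECONDS - (now - st.attempts[0])
        return True, "ok", 0.0

    def record(self, account, success):
        """Record the outcome of an attempt that check() allowed."""
        now = self._clock()
        st = self._state(account)
        st.attempts.append(now)
        if success:
            st.consecutive_failures = 0
            st.next_allowed_at = 0.0
            return
        st.consecutive_failures += 1
        backoff = min(BASE_BACKOFF_SECONDS * 2 ** (st.consecutive_failures - 1),
                      MAX_BACKOFF_SECONDS)
        st.next_allowed_at = now + backoff
        self.notifications.append((account, "someone tried to log in to your account"))
        if st.consecutive_failures >= LOCKOUT_AFTER_FAILURES:
            st.locked = True
            self.notifications.append((account, "account locked: confirm by email to unlock"))

    def confirm_email(self, account):
        """Unlock after the user clicks the confirmation link in the lockout email."""
        st = self._state(account)
        st.locked = False
        st.consecutive_failures = 0
        st.next_allowed_at = 0.0


if __name__ == "__main__":
    # Walk through five failures with a fake clock to show the doubling wait.
    fake_now = [0.0]
    limiter = LoginRateLimiter(clock=lambda: fake_now[0])
    for _ in range(5):
        allowed, reason, retry = limiter.check("alice")
        print(f"t={fake_now[0]:>5.0f}s allowed={allowed} reason={reason} retry_after={retry}")
        if allowed:
            limiter.record("alice", success=False)
        fake_now[0] += retry or 0.0
```

Two caveats a practitioner would add: keying the limiter on the account alone lets an attacker lock out any user by spamming failures against their address, so key on account plus client IP (or rate-limit the two separately) and treat the lockout email as the recovery path; and an in-memory store only works for a single instance, so a shared store such as Redis is needed once the authentication API runs behind a load balancer. Notification emails should also be throttled so a burst of failures does not flood the victim's mailbox.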