Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Prevent brute-force attacks against authorization #3

Open
JumpyLionnn opened this issue Jan 10, 2023 · 0 comments
Open

Prevent brute-force attacks against authorization #3

JumpyLionnn opened this issue Jan 10, 2023 · 0 comments
Labels
enhancement New feature or request

Comments

@JumpyLionnn
Copy link
Owner

JumpyLionnn commented Jan 10, 2023
edited
Loading

Make sure login endpoints are protected to make private data more secure.
A simple and powerful technique is to block authorization attempts using two metrics:

  1. The first is number of consecutive failed attempts by the same user name and IP address.
  2. The second is number of failed attempts from an IP address over some long period of time. For example, block an IP address if it
    makes 100 failed attempts in one day.

rate-limiter-flexible package provides tools to make this technique easy and fast.
there is also the ratelimiter package that can help with that as well as the express-rate-limit package.
@JumpyLionnn JumpyLionnn added the enhancement New feature or request label Jan 10, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@JumpyLionnn