Security features - Githubissues

AllAboutLearningPress / Photo-Storage-and-Gallery

Share photo assets with all users in an easy to use gallery with a powerful backend.

3 stars 2 forks source link

Closed AllAboutLearningPress closed 3 years ago

AllAboutLearningPress commented 3 years ago

[x] User roles and max login retry attempts (like fail2ban).
[x] Since files are also being uploaded we need to make sure they can't be executed (such as containing payload).

AshrafAkon commented 3 years ago

By default, if user login failed for more than 5 times in a minute then they get banned for 1 minute. We can customize this ban time.

dyner commented 3 years ago

By default, if user login failed for more than 5 times in a minute then they get banned for 1 minute. We can customize this ban time.

That's 50,000 attempts in a week. Let's increase the ban time to 4 hours which is 210 attempts in a week.

AshrafAkon commented 3 years ago

5 failed attempts are permitted per hour, per user per ip. After those 5 failed attempts they will be banned for 4 hours. They this will reset.

AshrafAkon commented 3 years ago

Validation added to file upload requests.