search

bolt / core

🧿 Bolt 5 core
https://boltcms.io
MIT License
550 stars 161 forks source link

Rate Limiter for login attempts #2574

Open simongroenewolt opened 3 years ago

simongroenewolt commented 3 years ago

I think Bolt doesn't have any form of protection against brute-force password guessing attempts.

Symfony has recently added a Rate Limiter component symfony/rate-limiter that is usable from version 5.2 and currently rated 'experimental'. It enables protecting logins as well: https://symfony.com/blog/new-in-symfony-5-2-login-throttling

I think it makes sense to add this component by default to Bolt to protect users.

bobdenotter commented 3 years ago

Cool, didn't know about that! 👍