Defend admin login against bruteforce

cthit / VoteIT

Voting website hosted on a node.js server

MIT License

4 stars 29 forks source link

Defend admin login against bruteforce #55

Closed lindskogen closed 8 years ago

lindskogen commented 8 years ago

closes #54

Dr-Horv commented 8 years ago

Looks good. But we should also increase threshold if a request to the api is made with invalid auth-header right? I mean if it's present but incorrect. Otherwise someone could bruteforce there

lindskogen commented 8 years ago

You are right, 1 sec!

Dr-Horv commented 8 years ago

LGTM