Feat: add bruteforce protection

hcengineering / platform

Huly — All-in-One Project Management Platform (alternative to Linear, Jira, Slack, Notion, Motion)

https://huly.io

Eclipse Public License 2.0

17.53k stars 1.06k forks source link

Feat: add bruteforce protection #6570

Open CipherGeek opened 2 months ago

CipherGeek commented 2 months ago

Description of the issue

The current version of Huly SelfHosted does not have any protection against password mining, as it allows an unlimited number of attempts for authorization.

Environment

Huly v0.6.280 SelfHosted.

Possible solutions

This will significantly reduce the likelihood of attacks:

Add Google reCAPTCHA or other captcha to authorization and registration page.
Add two-factor authorization.
In addition, add limit the number of authorization requests from a single IP address.

kasir-barati commented 3 weeks ago

hcengineering / platform

Feat: add bruteforce protection #6570

Description of the issue

Environment

Possible solutions

This one looks like tons of fun. I am down. I'll do some digging to see what should be done. BTW