Describe the bug
Authentication routes without rate limits are exposed to a range of attacks and abuse, such as:
Brute-Force Attacks:
These attacks involve trying different password combinations repeatedly to gain unauthorized access. Rate limiting can significantly slow down these attempts, making them less effective.
DDoS Attacks:
Distributed Denial of Service (DDoS) attacks aim to overwhelm a system with numerous requests, making it unavailable to legitimate users. Rate limiting can help mitigate the impact of these attacks by preventing excessive traffic.
API Abuse:
Some malicious actors might try to exploit APIs by making excessive requests to gather data or perform unauthorized actions. Rate limiting can prevent such abuse.
Bot Attacks:
Bots can be used to automate login attempts or other malicious activities. Rate limiting can hinder the effectiveness of these bots.
Throttling:
If a system is experiencing high load, rate limiting can help prevent it from being overwhelmed by excessive login requests.
Expected behavior
When many concurrent requests hit the API's resources, the API eventually slows down. With rate limiting in place, the API is expected to block or deny this kind of abusive access.
Related Issue
Rate limit