nmfta-repo / nmfta-opentelematics-api

API Blueprint for Open Telematics API
Apache License 2.0

implementors must mitigate brute force attacks #21

Closed BenGardiner closed 5 years ago

BenGardiner commented 5 years ago

We are requiring a global rate-limit on authentication attempts across all API endpoints.

This opens up an obvious means of Denial of Service. If the group wants to accept the additional implementation complexity, we should move to session-based authentication for this version of the API.
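
The trade-off raised in the comment above, as an added sketch that is not part of the issue or the project's code: one global fixed-window limit on credential checks, run once with credentials on every request and once with sessions. The class names, the limit of 5 checks per 60 seconds, the sample credentials, and the reading that a valid session token skips the credential check are assumptions made for illustration.

```python
import secrets

class GlobalAuthLimiter:
    """Fixed-window cap on credential checks, shared by every client and endpoint."""
    def __init__(self, limit, window):
        self.limit, self.window = limit, window
        self.start, self.count = 0.0, 0

    def allow(self, now):
        if now - self.start >= self.window:      # new window: reset the shared budget
            self.start, self.count = now, 0
        if self.count >= self.limit:
            return False
        self.count += 1
        return True

class Api:
    USERS = {"fleet-app": "correct-horse"}       # constructed sample credential

    def __init__(self, limiter, sessions_enabled):
        self.limiter, self.sessions_enabled = limiter, sessions_enabled
        self.tokens = set()

    def check_credentials(self, user, password, now):
        if not self.limiter.allow(now):          # budget spent: nobody can authenticate
            return 429
        ok = secrets.compare_digest(self.USERS.get(user, ""), password)
        return 200 if ok else 401

    def login(self, user, password, now):
        status = self.check_credentials(user, password, now)
        if status != 200 or not self.sessions_enabled:
            return status, None
        token = secrets.token_hex(16)
        self.tokens.add(token)
        return 200, token

    def request(self, now, user=None, password=None, token=None):
        if self.sessions_enabled and token in self.tokens:
            return 200                           # assumed: a live session costs no auth attempt
        return self.check_credentials(user, password, now)

def simulate(sessions_enabled, failed_attempts=10):
    """Returns (existing client in window, new login in window, existing client next window)."""
    api = Api(GlobalAuthLimiter(limit=5, window=60.0), sessions_enabled)
    creds = dict(user="fleet-app", password="correct-horse")
    _, token = api.login(now=0.0, **creds)
    for i in range(failed_attempts):             # failed checks from any source drain the budget
        api.request(now=1.0 + i * 0.1, user="someone", password="wrong")
    in_window = api.request(now=5.0, token=token, **creds)
    new_login, _ = api.login(now=6.0, **creds)
    return in_window, new_login, api.request(now=61.0, token=token, **creds)
```

In this model, sessions keep already-authenticated clients working while the shared budget is exhausted, but new logins are still refused until the window resets.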