We could make a plug for that and plug it into all public endpoints, which should be conveniently grouped as public/authed endpoints already.
Add a new configuration key (rate_limit). Have a GenServer running that records requests per IP (?) and starts blocking a client once it exceeds the limit. This GenServer would be a singleton across the entire cluster.
We should also have a mechanism that limits the number of login attempts with wrong passwords. TODO: Explore different methods
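A sketch of both pieces above (the per-IP counting GenServer and the plug that sits in the public pipeline) as an added example; it is not the project's code. The module names, the `limit`/`window_ms` options and the single-node registration are assumptions; the login-attempt limit could reuse the same store with a key such as `"login:" <> ip`.

```elixir
defmodule RateLimit.Store do
  # Singleton GenServer: fixed-window request counter per key (assumed: one node).
  use GenServer

  def start_link(opts \\ []), do: GenServer.start_link(__MODULE__, opts, name: __MODULE__)

  @impl true
  def init(opts) do
    # Assumed config keys: limit (requests) and window_ms (window length).
    {:ok, %{limit: Keyword.get(opts, :limit, 60), window_ms: Keyword.get(opts, :window_ms, 60_000), counts: %{}}}
  end

  # Returns :ok or {:error, :rate_limited} for a key such as the client IP.
  def check(key), do: GenServer.call(__MODULE__, {:check, key, System.monotonic_time(:millisecond)})

  @impl true
  def handle_call({:check, key, now}, _from, %{limit: limit, window_ms: window_ms} = state) do
    {count, start} =
      case Map.get(state.counts, key) do
        {c, s} when now - s < window_ms -> {c, s}   # still inside the current window
        _ -> {0, now}                                # no entry or window expired: reset
      end

    if count >= limit do
      {:reply, {:error, :rate_limited}, put_in(state.counts[key], {count, start})}
    else
      {:reply, :ok, put_in(state.counts[key], {count + 1, start})}
    end
  end
end

defmodule RateLimit.Plug do
  # Plug for the public pipeline: rejects over-limit clients with HTTP 429.
  import Plug.Conn

  def init(opts), do: opts

  def call(conn, _opts) do
    key = conn.remote_ip |> :inet.ntoa() |> to_string()

    case RateLimit.Store.check(key) do
      :ok -> conn
      {:error, :rate_limited} ->
        conn
        |> put_resp_header("retry-after", "60")
        |> send_resp(429, "Too Many Requests")
        |> halt()
    end
  end
end
```

Registering with `name: __MODULE__` makes the store a per-node singleton; a cluster-wide one needs a global or distributed registry and a periodic sweep of expired keys. Behind a reverse proxy `remote_ip` is the proxy's address, so a trusted forwarded-header plug must run before this one.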