feat: prevent brute force attack against authorization - Githubissues

sasjs / server

Build Apps on Base SAS

https://server.sasjs.io

MIT License

20 stars 3 forks source link

feat: prevent brute force attack against authorization #345

Closed sabhas closed 1 year ago

sabhas commented 1 year ago

Issue

closes #344

Intent

Make sure login endpoints are protected to make private data more secure.

A simple and powerful technique is to block authorization attempts using two metrics:

The first is number of consecutive failed attempts by the same user name and IP address.
The second is number of failed attempts from an IP address over some long period of time. For example, block an IP address if it makes 100 failed attempts in one day.

Checks

[ ] Code is formatted correctly (npm run lint:fix).
[ ] Any new functionality has been unit tested.
[ ] All unit tests are passing (npm test).
[ ] All CI checks are green.
[ ] Reviewer is assigned.

sasjsbot commented 1 year ago

:tada: This PR is included in version 0.31.0 :tada:

The release is available on:

GitHub release
v0.31.0

Your semantic-release bot :package::rocket: