The creation of JWTs should have proper brute-force protection. CAPTCHA at the API level is not feasible.
Suggested brute-force protection: limiting the number of requests in X minutes from a specific IP. Locking accounts is useless, as this allows a malicious user to DoS a specific account. See this answer on Security SE.
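An added example, not part of the original issue or the project's code, of the suggested per-IP limit in Python: a sliding-window counter checked before credentials are verified, so a throttled address gets a 429 while the targeted account stays usable from other addresses. The names `IpRateLimiter`, `issue_token` and `USERS`, the default limits and the token placeholder are assumptions made for illustration.

```python
import hmac
import math
import time
from collections import defaultdict, deque

# Constructed sample credential store; a real service verifies a password hash.
USERS = {"alice": "correct horse"}


class IpRateLimiter:
    """Sliding window: at most `limit` token requests per `window` seconds per IP."""

    def __init__(self, limit=5, window=600, clock=time.monotonic):
        self.limit, self.window, self.clock = limit, window, clock
        self._hits = defaultdict(deque)  # ip -> timestamps of recent requests

    def check(self, ip):
        """Record a request; return 0 if allowed, else seconds until retry."""
        now = self.clock()
        hits = self._hits[ip]
        while hits and now - hits[0] >= self.window:
            hits.popleft()  # forget requests that aged out of the window
        if len(hits) >= self.limit:
            return math.ceil(hits[0] + self.window - now)
        hits.append(now)
        return 0


def issue_token(limiter, ip, username, password):
    """Hypothetical token endpoint: returns (status, headers, body)."""
    wait = limiter.check(ip)
    if wait:
        # Throttle the source address, never the account being guessed.
        return 429, {"Retry-After": str(wait)}, "too many requests"
    expected = USERS.get(username)
    if expected is None or not hmac.compare_digest(
        expected.encode(), password.encode()
    ):
        return 401, {}, "invalid credentials"
    return 200, {}, "<signed JWT placeholder>"
```

The counters live in one process's memory, so a multi-instance deployment needs a shared store for them. Behind a reverse proxy the client address must come from a header set by that trusted proxy, not from one the client controls.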