pixelated / pixelated-dispatcher

Server component of Pixelated that allows running multiple instances of the user agent on a single server.

Handle bruteforce on login

shyba opened this issue · comments

Why

Multiple failed logins should block the user (IP?) or the account for security reasons.

Way to reproduce

  • go to login page
  • try fake passwords on 'alice' multiple times
  • no problem or feedback, you can keep trying

Definition of done

I am unable to try a password more than 3 or 4 times.

Tips

@fbernitt had an idea about using fail2ban to achieve this.

This is a good idea but it isn't our focus now.
Our focus now is the migration of the Bitmask libraries' latest version to Pixelated code.

I'll close this issue for now, it might be reopened in the future if it makes sense.