Rate Limiter for login attempts

Open simongroenewolt opened this issue 4 years ago • 1 comments

I think Bolt doesn't have any form of protection against brute-force password guessing attempts.

Symfony has recently added a Rate Limiter component symfony/rate-limiter that is usable from version 5.2 and currently rated 'experimental'. It enables protecting logins as well: https://symfony.com/blog/new-in-symfony-5-2-login-throttling

I think it makes sense to add this component by default to Bolt to protect users.

simongroenewolt, May 11 '21 11:05

Cool, didn't know about that! 👍

bobdenotter, May 13 '21 07:05