[FIX] Add rate-limit to authentication routes and other necessary part. #939
Assignees
Labels
auth
Issues categorised by authentication and users
Comments
|
Assign to me |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
The authentication routes without rate-limits are open to all kinds of attacks and abuse like:
Brute-Force Attacks:
These attacks involve trying different password combinations repeatedly to gain unauthorized access. Rate limiting can significantly slow down these attempts, making them less effective.
DDoS Attacks:
Distributed Denial of Service (DDoS) attacks aim to overwhelm a system with numerous requests, making it unavailable to legitimate users. Rate limiting can help mitigate the impact of these attacks by preventing excessive traffic.
API Abuse:
Some malicious actors might try to exploit APIs by making excessive requests to gather data or perform unauthorized actions. Rate limiting can prevent such abuse.
Bot Attacks:
Bots can be used to automate login attempts or other malicious activities. Rate limiting can hinder the effectiveness of these bots.
Throttling:
If a system is experiencing high load, rate limiting can help prevent it from being overwhelmed by excessive login requests.
Expected behavior
When concurrency is used in accessing the resources on the API, it comes to a point where the API slows down, with rate-limiting, the API is expected to block or deny access to this kind of abuse.
Related Issue
Rate limit
The text was updated successfully, but these errors were encountered: