Prevent brute force attacks on login request handler

This question came up in https://github.com/solid/node-solid-server/pull/893#discussion_r230897425 (which is already merged).

The gist is: [/lib/requests/create-account-request.js#L128](https://github.com/solid/node-solid-server/blob/9b627e47ee191ea7b2a8f1710eb6a8a952e5557e/lib/requests/create-account-request.js#L128) currently has no way to guard against brute force attacks.

OWASP gives some [tips on how to block them](https://www.owasp.org/index.php/Blocking_Brute_Force_Attacks). [Fail2ban](https://en.wikipedia.org/wiki/Fail2ban) is popular among Sys Admins, too.


Plus, it could be an [information leakage](http://projects.webappsec.org/w/page/13246936/Information%20Leakage), but @megoth and @dmitrizagidulin argued, that the information would be public anyway.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Prevent brute force attacks on login request handler #903

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Prevent brute force attacks on login request handler #903

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions