Description
Authentication and password reset endpoints lack rate limiting or back-off logic. This allows brute-force attacks on login credentials and password reset link spamming, causing server resource exhaustion.
Proposed Refactoring
- Implement IP and user-session rate limiting using Redis token bucket filter middleware.
Description
Authentication and password reset endpoints lack rate limiting or back-off logic. This allows brute-force attacks on login credentials and password reset link spamming, causing server resource exhaustion.
Proposed Refactoring