Discard session token after n failed attempts #100

Open
ejain opened this issue May 7, 2024 · 1 comment
Labels
good first issue Good for newcomers

Comments

ejain commented May 7, 2024

Should have some protection against brute-forcing security codes, especially since TOKEN_LENGTH can be set to a low value like 4...

@CuriousLearner CuriousLearner added the good first issue Good for newcomers label Oct 13, 2024
@CuriousLearner
Owner

Thanks for the suggestion.

I would suggest a setting that controls the MIN_TOKEN_LENGTH. We may have another setting to discard the token after n failed attempts where n can be configured through another setting. If you'd like to work on this and raise a PR, I'll be happy to merge it.
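
The two controls proposed in this thread, written out as an added example that is not the project's code: a floor on the code length and a failure counter that discards the session token after n wrong codes. `MAX_FAILED_ATTEMPTS`, `VerificationStore`, `guess_success_bound`, the in-memory dict and the default values are assumptions made for illustration; only `TOKEN_LENGTH` and `MIN_TOKEN_LENGTH` are names from the thread.

```python
import hmac
import secrets

# TOKEN_LENGTH and MIN_TOKEN_LENGTH are named in the thread; the values and
# MAX_FAILED_ATTEMPTS (the proposed "n") are assumptions for this example.
TOKEN_LENGTH = 6
MIN_TOKEN_LENGTH = 6
MAX_FAILED_ATTEMPTS = 3


class VerificationStore:
    """In-memory stand-in (hypothetical) for the project's pending verifications."""

    def __init__(self, token_length=TOKEN_LENGTH, min_length=MIN_TOKEN_LENGTH,
                 max_failed=MAX_FAILED_ATTEMPTS):
        # Reject a configured length below the floor instead of silently using it.
        if token_length < min_length:
            raise ValueError(f"TOKEN_LENGTH {token_length} < MIN_TOKEN_LENGTH {min_length}")
        self.token_length = token_length
        self.max_failed = max_failed
        self._pending = {}  # session_token -> [security_code, failed_attempts]

    def start(self):
        """Issue a session token and a numeric security code from a CSPRNG."""
        session_token = secrets.token_urlsafe(32)
        code = "".join(secrets.choice("0123456789") for _ in range(self.token_length))
        self._pending[session_token] = [code, 0]
        return session_token, code

    def verify(self, session_token, submitted_code):
        """Return 'verified', 'invalid', or 'discarded'."""
        entry = self._pending.get(session_token)
        if entry is None:
            return "discarded"  # unknown, already used, or locked out
        if hmac.compare_digest(entry[0].encode(), submitted_code.encode()):
            del self._pending[session_token]  # codes are single use
            return "verified"
        entry[1] += 1
        if entry[1] >= self.max_failed:
            del self._pending[session_token]  # a new code must be requested
            return "discarded"
        return "invalid"


def guess_success_bound(token_length, max_failed):
    """Upper bound on guessing one numeric code before the token is discarded."""
    return max_failed / 10 ** token_length
```

With a shared backing store the failure counter has to be incremented atomically, otherwise parallel requests against one session token can exceed the limit.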
