Adrian Boros
Results
2
comments of
Adrian Boros
@Tymmmy yes, this story is one of the countermeasure for[ brute force attacks](https://en.wikipedia.org/wiki/Brute-force_attack#Countermeasures), still something we should have. Let's split this in two separate issues.
This rate limit implementation works as route middleware, which means we count the endpoint hit and NOT failed login attempts. We can hit the rate limit even with successful logins...