Gareth Bowen

Yes the load will be on the server, and the iterations need to be increased until it's a noticeable load. Taking cht-conf as an example, we send hundreds of basic...

> Am I correct in saying at present only the admin password needs to be low iterations for perf? Usually that's the case. You _could_ create different users with permissions...

> I imagine that doesn't help with the basic auth issue? You're right that it's not a workaround for the basic auth issue. If you had admin users that only...

We're still working on rolling out cookie auth everywhere, so moving this to the next release.

Moved to 4.8.0 so as not to hold up the release.

@delcroip Thanks for this! Do you have time to dust it off and work on the feedback that @mrjones-plip shared?

@dianabarsan Now that we have this plugin in a separate repo I think we should close this PR, right?

The first step is to run the Rapid7 scan manually so we can verify it still works, and get a report with todo items. This may need some updating with...

@ralfudx Nice! Firstly, I've exported that report and uploaded to https://drive.google.com/drive/u/0/folders/1J5HBx6lN-pp2J4AEtv-mH61PPErWwq4k so we have a history even if we lose access to Rapid7. Secondly, can you please share login credentials...

Blocked waiting for Angular++