ewallet
Implement rate limit on logins
We should have a system to limit the number of login tries with wrong passwords. TODO: Explore different methods
From team discussion:
- We could make a plug for that and plug it into all public endpoints, which should be conveniently grouped as public/authed endpoints already.
- Set a new configuration (rate_limit). Have a GenServer running that records requests per IP (?) and start blocking them. This GenServer would be a singleton across the entire cluster.
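
One way the GenServer from the discussion could look, as an added sketch that is not code from the ewallet project: it counts failed logins per client IP in a fixed window and is registered once per cluster through `:global`. The module name, the `window_ms` option and the default values are assumptions; only `rate_limit` comes from the issue.

```elixir
defmodule LoginRateLimiter do
  @moduledoc "Added sketch: fixed-window count of failed logins per client IP."
  use GenServer

  @name {:global, __MODULE__}  # one registered process for all connected nodes
  @defaults [rate_limit: 5, window_ms: 60_000]  # hypothetical values
  def start_link(opts \\ []), do: GenServer.start_link(__MODULE__, Keyword.merge(@defaults, opts), name: @name)
  # Call after a login attempt fails with a wrong password.
  def record_failure(ip), do: GenServer.cast(@name, {:failure, ip})
  # Call from the plug before authenticating: :ok or {:error, :rate_limited}.
  def check(ip), do: GenServer.call(@name, {:check, ip})

  @impl true
  def init(opts) do
    state = %{limit: opts[:rate_limit], window: opts[:window_ms], hits: %{}}
    Process.send_after(self(), :sweep, state.window)
    {:ok, state}
  end

  @impl true
  def handle_call({:check, ip}, _from, state) do
    {count, _started} = current(state, ip, now_ms())
    {:reply, if(count >= state.limit, do: {:error, :rate_limited}, else: :ok), state}
  end

  @impl true
  def handle_cast({:failure, ip}, state) do
    {count, started} = current(state, ip, now_ms())
    {:noreply, %{state | hits: Map.put(state.hits, ip, {count + 1, started})}}
  end

  # Drop expired windows so the map does not grow with every address seen.
  @impl true
  def handle_info(:sweep, state) do
    now = now_ms()
    hits = :maps.filter(fn _ip, {_n, started} -> now - started < state.window end, state.hits)
    Process.send_after(self(), :sweep, state.window)
    {:noreply, %{state | hits: hits}}
  end

  # Counter for the window in progress, or a fresh one if none is active.
  defp current(%{hits: hits, window: window}, ip, now) do
    case Map.get(hits, ip) do
      {count, started} when now - started < window -> {count, started}
      _ -> {0, now}
    end
  end
  defp now_ms, do: System.monotonic_time(:millisecond)
end
```

The clock is read inside the server process because monotonic time is not comparable between nodes. Behind a load balancer the key has to be the client address taken from a trusted source, otherwise every user shares one counter.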