Defend against password brute-forcing
We don't have any rate limiters or attempt limiters for the log-in form. This should be remedied: e.g. 10 to 20 attempts before the account is locked out, and/or force some time between attempts.
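One way to implement the limiter this issue asks for, as an added example that is not the project's own code: a per-account throttle that locks the account after 10 failed attempts and enforces a minimum gap between attempts. The class name, the 2-second interval, the status strings and the account name `alice` are assumptions made for illustration.

```python
import time
from dataclasses import dataclass


@dataclass
class _State:
    failures: int = 0
    last_attempt: float = float("-inf")
    locked: bool = False


class LoginThrottle:
    """Hypothetical per-account limiter: lockout plus forced delay."""

    def __init__(self, max_failures=10, min_interval=2.0, clock=time.monotonic):
        self.max_failures = max_failures  # issue suggests 10 to 20
        self.min_interval = min_interval  # assumed value, in seconds
        self.clock = clock                # injectable so tests need no sleep
        self._accounts = {}

    def attempt(self, account, verify):
        """Call verify() only when the attempt is allowed; return a status."""
        st = self._accounts.setdefault(account, _State())
        now = self.clock()
        if st.locked:
            return "locked"               # password is never checked
        if now - st.last_attempt < self.min_interval:
            return "too_soon"             # password is never checked
        st.last_attempt = now
        if verify():
            st.failures = 0               # success resets the counter
            return "ok"
        st.failures += 1
        if st.failures >= self.max_failures:
            st.locked = True              # stays locked until unlock()
        return "denied"

    def unlock(self, account):
        """Administrative reset of one account's state."""
        self._accounts.pop(account, None)


def demo():
    """Twelve wrong guesses for a constructed account, spaced 2 s apart."""
    t = [0.0]
    throttle = LoginThrottle(clock=lambda: t[0])
    results = []
    for _ in range(12):
        results.append(throttle.attempt("alice", lambda: False))
        t[0] += 2.0
    return results  # ten "denied", then "locked"
```

State here lives in process memory and is keyed by account name only; a deployment with several application servers would need the counters in shared storage.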