Feature #40907: mgr/dashboard: REST API improvements
mgr/dashboard: REST API: security
The following measures should be implemented:
- Failed login limit (after that, the user will be disabled).
- Rate limiting: per-user/token.
- Cache-control private for every response containing personal sensitive information.
#3 Updated by Lenz Grimmer 7 months ago
Per our conversation during today's standup, let's split this issue up by moving "Rate limiting: per-user/token" and "Cache-control private for every response containing personal sensitive information" into separate issues and keep the focus of this issue on the limiting failed logins. However, I wonder if this isn't captured in #39999 already?