Is your feature request related to a problem? Please describe.
The feature request is to conduct a security review to harden all authentication related endpoints.
There are various approaches which involve:
- Not revealing data that would go towards identifying if a user exists on the system
- Throttling endpoints like reset or otp requests, which could lead to large scale abuse of a system; this is particularly important as the endpoints can be triggered outside of a user interface
- Working with infrastructure providers to prevent large or Web Application Firewalls to prevent attacks on the API layer
The aim here is to harden these endpoints so they are as secure as possible for applications around the Anomaly ecosystem.
Describe the solution you'd like
A better reviewed set of endpoints for authentication
Describe alternatives you've considered
NA
Additional context
NA