- https://tech.lgbt/@risottobias
middleware
probably only needs to evaluate on login/recover routes, right? for banning, kick them out of an existing session.
notify failed attempts to haunt, guestbook, praetorian, etc - callback function injection
plausible + exclusion
guest acknowledgement or leave page
limit recovery email rate to one per user per day?
limit login attempts before engaging devicecookie lock
as primary SSO provider? or as passthrough, or as library to read others' SSO
error page / unlock links
if device cookie is present, allow them to send a link to their email (using mailer middleware)
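
One reading of the login and recovery notes above as code, added here as an example and not taken from the project. The threshold of 5, the HMAC cookie format, the separate failure counter per device cookie, and all names (`DeviceCookieGuard`, `issue_device_cookie`, `notify`) are assumptions.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"  # assumption: server-side signing key
MAX_FAILURES = 5                  # assumption: the notes give no threshold
RECOVERY_INTERVAL = 24 * 60 * 60  # one recovery email per user per day


def issue_device_cookie(user):  # hypothetical format: "user.hmac"
    tag = hmac.new(SECRET, user.encode(), hashlib.sha256).hexdigest()
    return f"{user}.{tag}"


def cookie_valid_for(cookie, user):
    expected = issue_device_cookie(user).encode()
    return bool(cookie) and hmac.compare_digest(cookie.encode(), expected)


class DeviceCookieGuard:
    def __init__(self, notify=None, clock=time.time):
        self.failures = {}       # (user, cookie or None) -> failed attempts
        self.last_recovery = {}  # user -> time of the last recovery email
        self.notify = notify or (lambda user, count: None)  # injected callback
        self.clock = clock

    def _key(self, user, cookie):  # clients without a valid cookie share a counter
        return (user, cookie if cookie_valid_for(cookie, user) else None)

    def login(self, user, password_ok, cookie=None):
        key = self._key(user, cookie)
        if self.failures.get(key, 0) >= MAX_FAILURES:
            return "locked"  # checked before the password is evaluated
        if password_ok:
            self.failures.pop(key, None)
            return "ok"
        self.failures[key] = self.failures.get(key, 0) + 1
        self.notify(user, self.failures[key])
        return "failed"

    def recovery_email_allowed(self, user):
        now, last = self.clock(), self.last_recovery.get(user)
        if last is not None and now - last < RECOVERY_INTERVAL:
            return False
        self.last_recovery[user] = now
        return True

    def unlock_link_allowed(self, user, cookie):
        return cookie_valid_for(cookie, user) and self.recovery_email_allowed(user)
```

A locked client without a cookie stays locked even with the correct password, while a client holding a valid device cookie for that user keeps its own counter and can still log in or request the link.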