How to protect the Laravel API from brute-force?

I have a database with a user table that is on the server and a graphical application that is on the user’s computer. Authorization needs to be done.

Obviously, you cannot access the database directly from the application; you need to write an API (for this I use Laravel). I’m going to send the entered username and password from the application to the API and receive a response about the correctness of the entered data.

But in this case, how do I limit the number of requests with an incorrect password to protect against brute-force?

Solution:

Laravel includes a simple to use rate limiting abstraction which, in
conjunction with your application’s cache, provides an easy way to
limit any action during a specified window of time.

https://laravel.com/docs/9.x/rate-limiting
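
An added example (not part of the original answer and not taken from the Laravel docs) showing how the `RateLimiter` facade can throttle failed logins in an API controller. The controller name, the `User` model with `username` and hashed `password` columns, and the limit of 5 failures per 60 seconds are assumptions.

```php
<?php

namespace App\Http\Controllers;

use App\Models\User; // assumed model with `username` and hashed `password` columns
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\RateLimiter;
use Illuminate\Support\Str;

class LoginController extends Controller // hypothetical controller name
{
    private const MAX_ATTEMPTS = 5;    // assumed policy: failures allowed per window
    private const DECAY_SECONDS = 60;  // assumed policy: window length in seconds

    public function login(Request $request): JsonResponse
    {
        $credentials = $request->validate([
            'username' => ['required', 'string'],
            'password' => ['required', 'string'],
        ]);

        // Count failures per username + client IP, so one client cannot keep
        // guessing passwords for the same account.
        $key = 'login:' . Str::lower($credentials['username']) . '|' . $request->ip();

        // Refuse before touching the database once the limit is reached.
        if (RateLimiter::tooManyAttempts($key, self::MAX_ATTEMPTS)) {
            return response()
                ->json(['message' => 'Too many login attempts.'], 429)
                ->header('Retry-After', (string) RateLimiter::availableIn($key));
        }

        $user = User::where('username', $credentials['username'])->first();

        // Same response for "unknown user" and "wrong password".
        if (! $user || ! Hash::check($credentials['password'], $user->password)) {
            RateLimiter::hit($key, self::DECAY_SECONDS); // record the failure
            return response()->json(['message' => 'Invalid credentials.'], 401);
        }

        RateLimiter::clear($key); // success resets the failure counter
        return response()->json(['message' => 'Authenticated.']);
    }
}
```

The counters live in the application cache, so every API server must share the same cache store for the limit to hold. A key that includes the client IP only slows a single address; a second limit keyed on the username alone also covers guesses spread across many addresses, at the cost of letting someone lock that user out.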
