Preventing Brute Force Using Node and Express JS

node.js security login express brute-force
Dave picture Dave · Oct 30, 2013 · Viewed 14.3k times · Source

I'm building a website using Node and Express JS and would like to throttle invalid login attempts. Both to prevent online cracking and to reduce unnecessary database calls. What are some ways in which I can implement this?

Answer

Dave picture Dave · Nov 7, 2013

So after doing some searching, I wasn't able to find a solution I liked so I wrote my own based on Trevor's solution and express-brute. You can find it here.

Related questions

Node.js https pem error: routines:PEM_read_bio:no start line

I am messing with login form right now with node.js, I tried creating a pem key and csr using openssl req -newkey rsa:2048 -new -nodes -keyout key.pem -out csr.pem However I been getting errors for running node …

Read More
JWT (JSON Web Token) automatic prolongation of expiration

I would like to implement JWT-based authentication to our new REST API. But since the expiration is set in the token, is it possible to automatically prolong it? I don't want users to need to sign in after every X …

Read More
Best practices when running Node.js with port 80 (Ubuntu / Linode)

I am setting up my first Node.js server on a cloud Linux node and I am fairly new to the details of Linux admin. (BTW I am not trying to use Apache at the same time.) Everything is installed …

Read More