Hacker News
by Terretta 4269 days ago
Riddled with not-so-factual facts, such as:

"It’s interesting to note that the API is using “Basic” authentication, which has a number of known security weaknesses, including the inability to perform account lockouts."

There's no rule that basic auth has to be handled by the stateless basic auth built into your web server. You can handle HTTP auth headers with your own dynamic code and do anything you want with them, including anti-hammering or progressive lockouts.
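The approach the comment describes, as an added example that is not part of the original comment or of any project it discusses: application code parses the `Authorization: Basic` header itself and applies a progressive per-account lockout. The names `parse_basic`, `hash_pw` and `BasicAuthGate`, the thresholds, and the 401/429 status mapping are all assumptions chosen for illustration.

```python
import base64, hashlib, hmac, time

def parse_basic(header):
    """Return (user, password) from an Authorization header value, or None."""
    scheme, _, token = (header or "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers bad base64 and bad UTF-8
        return None
    user, sep, password = decoded.partition(":")  # password may contain ':'
    return (user, password) if sep else None

def hash_pw(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class BasicAuthGate:
    """After `free` failures, lock the account for base * 2**n seconds (capped)."""
    def __init__(self, users, free=3, base=2.0, cap=900.0, clock=time.monotonic):
        self.users = users            # username -> (salt, pbkdf2 hash)
        self.free, self.base, self.cap, self.clock = free, base, cap, clock
        # username -> (failure count, locked-until time). Assumption: a real
        # deployment bounds this table and also tracks the client address.
        self.state = {}

    def check(self, header):
        """Return an HTTP status: 200 ok, 401 bad credentials, 429 locked out."""
        creds = parse_basic(header)
        if creds is None:
            return 401
        user, password = creds
        fails, until = self.state.get(user, (0, 0.0))
        now = self.clock()
        if now < until:
            return 429  # locked: refuse without evaluating the password
        # Unknown users still pay for one hash so timing does not reveal them.
        salt, stored = self.users.get(user, (b"\0" * 16, b""))
        if hmac.compare_digest(hash_pw(password, salt), stored):
            self.state.pop(user, None)  # success resets the counter
            return 200
        fails += 1
        delay = 0.0
        if fails >= self.free:
            delay = min(self.cap, self.base * 2 ** (fails - self.free))
        self.state[user] = (fails, now + delay)
        return 401
```
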