
What are the patterns (best practices, whatever) to prevent brute force (and attacks alike) in stateless API architectures that keep the system stateless? I couldn't find anything regarding this topic.

I want to keep the system stateless to keep scalability less painful and easier to maintain. And by scalability, I mean horizontal, across multiple data centers.

  • It sounds like the protection measures from RESTful APIs would apply, no? – schroeder Aug 29 '22 at 12:53
  • @schroeder What exactly do you mean by that? Wouldn't it affect horizontal scalability? – GalacticRanger Aug 29 '22 at 13:01
  • I mean that since REST is stateless, and they have a variety of protection measures, you should be looking at those? You said that you "couldn't find anything regarding this topic". – schroeder Aug 29 '22 at 13:24
  • @schroeder Can you link to these "protection measures", please? Are they related to brute force (and similar) attacks? Are you talking about adding layers? Regarding "I couldn't find anything regarding *this*": by *this*, I meant something that will prevent brute force and yet keep the server stateless. So yeah, I didn't find anything useful atm. – GalacticRanger Aug 29 '22 at 15:18
  • If you google "rest security brute force" you will find quite a lot of material ... – schroeder Aug 29 '22 at 17:37
  • @schroeder I didn't find anything that can solve the issue without adding state to the server side. – GalacticRanger Aug 30 '22 at 03:58
  • Then perhaps it would be helpful if you edited the question to add what you have seen as established controls and why they do not fit your needs. Because from what you have written, I would simply repeat what is readily available as REST approaches. – schroeder Aug 30 '22 at 06:57

0 Answers