29/9 12:36:48  - info: [build] plugin static dirs build completed in 4.017sec
Looks like the build is killed, possibly due to not having enough memory. Try setting up some swap and try again.
That is not a bad idea. My concerns lie in the creation of an account where it has you make a password.
I barely know what I am talking about, but in theory 1 very large string could cause some performance issues on the server end. Whether that be from encrypting, storing, or pulling the password.
I have seen 14 gig notepad documents with just strings of characters for Brute forcing, so I suppose the same could be used for initiating a Denial of Service.
@lulzdev I guess most of us can try the theory out, even mathematically if that's needed. But it's indeed an interesting topic to have.
I think this is a reasonable solution for this problem
@lulzdev we do enable CAPTCHA on registration as well.
Also, express bodyParser has a default limit of 100kb,
Yeah the issue is for login (no captcha there) which asks bcrypt to hash whatever comes in, even at 100kb limit, it could potentially be abused
@psychobunny what about showing a captcha after 2 or 3 failed logins?
Appreciate the responses.
If login is where the potential lies, then CAPTCHA would certainly take care of it.
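An added example, not part of the thread and not NodeBB's own code, of the idea discussed above: require a CAPTCHA after a few failed logins, and refuse oversized passwords before they reach the hash function. The `LoginGate` class, its limits, and the per-client key are assumptions made for illustration.

```javascript
// Added illustration; names and limits are assumptions, not NodeBB settings.
const MAX_FAILURES_BEFORE_CAPTCHA = 3;     // "2 or 3 failed logins" from the thread
const FAILURE_WINDOW_MS = 15 * 60 * 1000;  // assumed: failures expire after 15 minutes
const MAX_PASSWORD_BYTES = 512;            // assumed cap, far below the 100kb body limit

class LoginGate {
  constructor(now = () => Date.now()) {
    this.now = now;              // injectable clock so the logic can be tested
    this.failures = new Map();   // client key -> timestamps of recent failures
  }

  // Drop failures older than the window and return what is left.
  recent(key) {
    const cutoff = this.now() - FAILURE_WINDOW_MS;
    const kept = (this.failures.get(key) || []).filter((t) => t > cutoff);
    if (kept.length) this.failures.set(key, kept);
    else this.failures.delete(key);
    return kept;
  }

  captchaRequired(key) {
    return this.recent(key).length >= MAX_FAILURES_BEFORE_CAPTCHA;
  }

  // verifyPassword stands in for the expensive hash comparison (bcrypt in the
  // thread). It is only called after the cheap checks have passed.
  attempt({ key, password, captchaOk = false }, verifyPassword) {
    if (typeof password !== 'string' ||
        Buffer.byteLength(password, 'utf8') > MAX_PASSWORD_BYTES) {
      return { ok: false, reason: 'password-too-long', hashed: false };
    }
    if (this.captchaRequired(key) && !captchaOk) {
      return { ok: false, reason: 'captcha-required', hashed: false };
    }
    if (verifyPassword(password)) {
      this.failures.delete(key); // a successful login clears the counter
      return { ok: true, reason: 'ok', hashed: true };
    }
    this.failures.set(key, [...this.recent(key), this.now()]);
    return { ok: false, reason: 'bad-credentials', hashed: true };
  }
}
```

The `hashed` field in each result shows whether the expensive comparison ran, which is the cost the gate is meant to bound.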