Does it make sense to have a server dedicated to login? [closed]

Since the login process itself involves an expensive hash, it also makes this part of any app vulnerable to (D)DOS attacks.

Is it a good idea to put the login portion of the app on it’s own dedicated servers as one line of defense or are there equivalent and less expensive approaches?

Thanks in advance.

Answer

No, it is not a good idea. You can rely on the per-IP and per-username login attempt rate limits which you have already implemented to ameliorate password guessing attacks anyway.

You have implemented login attempt rate limits, haven’t you?

Attribution
Source : Link , Question Author : user420667 , Answer Author : womble

Leave a Comment