Security
1 post
Hardening an Admin Login: IPs, Timing, and a JWT Cookie
Spoofed x-forwarded-for, timing-leaky password checks, and a password gate per dashboard. Four small fixes that turn a toy login into a real one.
