
Building in public #2: The auth rabbit hole
I spent a week on authentication. It nearly broke me.

Last time, I explained what Adsloty is and why I'm creating it. This time, I want to talk about something less exciting: authentication.

I knew handling authentication wouldn't be easy. This isn't just a simple blog or a to-do app. Adsloty deals with real money. Sponsors pay for ad slots, and writers receive payments. When money flows through your platform, the phrase "it works on my machine" isn’t enough. You must consider what happens when someone tries to break in.

I learned this lesson the hard way. Here’s what went wrong and how I fixed it.

The brute force problem

My first login setup was very basic. It included an endpoint that accepts an email and password, checks if they match, and returns a token. There were no limits or tracking, which meant someone could easily try many password guesses without any barriers.

To fix this, I made some changes to the system. I added a counter in the database to track failed login attempts. E
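
One way to implement the failed-attempt counter described above, as an added example that is not the author's Adsloty code: a SQLite-backed login check that counts failures per account and locks the account for a window once a threshold is reached. The table layout, function names, the threshold of 5 and the 15-minute lockout are assumptions; the post's own values are not shown here.

```python
import hashlib, hmac, os, sqlite3, time

MAX_FAILURES = 5            # assumed threshold, not taken from the post
LOCKOUT_SECONDS = 15 * 60   # assumed lockout window, not taken from the post

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def init_db(conn):
    # Hypothetical schema: the counter and lock expiry live on the user row.
    conn.execute("""CREATE TABLE users (
        email TEXT PRIMARY KEY, salt BLOB NOT NULL, pw_hash BLOB NOT NULL,
        failed_attempts INTEGER NOT NULL DEFAULT 0,
        locked_until REAL NOT NULL DEFAULT 0)""")

def add_user(conn, email, password):
    salt = os.urandom(16)
    conn.execute("INSERT INTO users (email, salt, pw_hash) VALUES (?, ?, ?)",
                 (email, salt, hash_password(password, salt)))

def login(conn, email, password, now=None):
    """Return 'ok', 'invalid' or 'locked' for one login attempt."""
    now = time.time() if now is None else now
    row = conn.execute("SELECT salt, pw_hash, locked_until FROM users "
                       "WHERE email = ?", (email,)).fetchone()
    if row is None:
        hash_password(password, b"\0" * 16)  # same work for unknown emails
        return "invalid"
    salt, pw_hash, locked_until = row
    if now < locked_until:
        return "locked"  # the password is not even checked while locked
    if hmac.compare_digest(hash_password(password, salt), pw_hash):
        conn.execute("UPDATE users SET failed_attempts = 0, locked_until = 0 "
                     "WHERE email = ?", (email,))
        conn.commit()
        return "ok"
    # One UPDATE does the increment and the lock decision, so parallel
    # guesses cannot each read a stale count and slip under the threshold.
    conn.execute("""UPDATE users SET
        locked_until = CASE WHEN failed_attempts + 1 >= ? THEN ?
                            ELSE locked_until END,
        failed_attempts = CASE WHEN failed_attempts + 1 >= ? THEN 0
                               ELSE failed_attempts + 1 END
        WHERE email = ?""",
        (MAX_FAILURES, now + LOCKOUT_SECONDS, MAX_FAILURES, email))
    conn.commit()
    return "invalid"
```

Per-account lockout lets anyone who knows an email address lock its owner out for the window, so it is usually paired with per-IP rate limiting.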
Continue reading on Dev.to Webdev

