
Comment by rokoss21

3 days ago

Nice project! Spring Boot with JWT is a solid foundation for secure notes. One consideration: consider adding rate limiting and account lockout mechanisms to prevent brute force attacks. Also, encryption at rest for stored notes would strengthen security posture.
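An added example of the account-lockout idea from the comment above; this is not code from the project under discussion or from either commenter. It assumes a Spring Boot 3 / Spring Security application in which the default authentication event publisher is active (so `AuthenticationFailureBadCredentialsEvent` and `AuthenticationSuccessEvent` are fired on login), and the package name, threshold (5 failures) and lockout window (15 minutes) are assumptions for illustration. The counter is plain JDK code, so it can be unit-tested without a container; the two `@EventListener` methods are the Spring wiring.

```java
// Added example (hypothetical package); not the project's own code.
package com.example.notes.security;

import java.time.Duration;
import java.time.Instant;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

import org.springframework.context.event.EventListener;
import org.springframework.security.authentication.LockedException;
import org.springframework.security.authentication.event.AuthenticationFailureBadCredentialsEvent;
import org.springframework.security.authentication.event.AuthenticationSuccessEvent;
import org.springframework.stereotype.Component;

/** Tracks failed logins per username and locks the account after a threshold. */
@Component
public class LoginAttemptService {
    static final int MAX_FAILURES = 5;                  // assumed policy
    static final Duration LOCKOUT = Duration.ofMinutes(15); // assumed policy

    private static final class Attempts {
        int failures;
        Instant lockedUntil = Instant.EPOCH;
    }

    // In-memory state: fine for one instance, must move to a shared store
    // (database or Redis) when the app runs as several replicas.
    private final Map<String, Attempts> attempts = new ConcurrentHashMap<>();

    private static String key(String username) {
        return username.trim().toLowerCase(); // "Alice" and "alice" share one counter
    }

    /** True while the lockout window for this username is still open. */
    public boolean isLocked(String username) {
        Attempts a = attempts.get(key(username));
        return a != null && Instant.now().isBefore(a.lockedUntil);
    }

    /** Counts a bad password; on the Nth failure, opens a lockout window. */
    public synchronized void recordFailure(String username) {
        Attempts a = attempts.computeIfAbsent(key(username), k -> new Attempts());
        if (Instant.now().isBefore(a.lockedUntil)) {
            return; // already locked: do not extend the window, do not leak state
        }
        a.failures++;
        if (a.failures >= MAX_FAILURES) {
            a.lockedUntil = Instant.now().plus(LOCKOUT);
            a.failures = 0; // counter restarts once the window expires
        }
    }

    /** A successful login clears the counter. */
    public void recordSuccess(String username) {
        attempts.remove(key(username));
    }

    /** Call this before checking the password, e.g. at the top of loadUserByUsername. */
    public void assertNotLocked(String username) {
        if (isLocked(username)) {
            // Same generic message for locked and unknown users avoids account enumeration.
            throw new LockedException("Authentication failed");
        }
    }

    @EventListener
    public void onFailure(AuthenticationFailureBadCredentialsEvent e) {
        recordFailure(e.getAuthentication().getName());
    }

    @EventListener
    public void onSuccess(AuthenticationSuccessEvent e) {
        recordSuccess(e.getAuthentication().getName());
    }
}
```

Two caveats a practitioner would want here. Locking by username alone lets anyone who knows a victim's login keep that account locked, so pair this with per-source rate limiting on the login endpoint rather than relying on lockout by itself. And the lockout check must run before the password comparison (the `assertNotLocked` hook above) and return the same error shape as a wrong password, otherwise the login form becomes an oracle for which usernames exist.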

Thank you for your amazing suggestions, @rokoss21.

The account lockout mechanism really stood out to me—it's a standard feature in security-first systems that I completely overlooked. I'll definitely look into implementing that to mitigate brute force risks.

Regarding encryption at rest, it is the most important takeaway from your advice. Would you advise I handle encryption at the application level or at the database level? I'd love to hear your thoughts on the trade-offs.
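An added example of the application-level option asked about above; it is not code from the project or from either commenter. It shows transparent encryption of a note body with AES-256-GCM through a JPA `AttributeConverter`, so the database only ever receives ciphertext. Assumptions: Spring Boot 3 (so `jakarta.persistence`; on Boot 2 the imports are `javax.persistence`), a 32-byte master key supplied base64-encoded in an environment variable named `NOTES_MASTER_KEY`, and the package name. In production the master key would come from a KMS or vault rather than an environment variable.

```java
// Added example (hypothetical package); not the project's own code.
package com.example.notes.crypto;

import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

import jakarta.persistence.AttributeConverter;
import jakarta.persistence.Converter;

/**
 * Encrypts a String column before it reaches the database and decrypts it on read.
 * Stored layout: [1 byte version][12 byte IV][ciphertext + 16 byte GCM tag].
 */
@Converter
public class EncryptedStringConverter implements AttributeConverter<String, byte[]> {
    private static final int IV_BYTES = 12;   // 96-bit nonce, the recommended GCM size
    private static final int TAG_BITS = 128;  // full-length authentication tag
    private static final byte VERSION = 1;    // lets a future key or format rotation coexist
    private static final SecureRandom RNG = new SecureRandom();

    private final SecretKey masterKey = loadMasterKey();

    private static SecretKey loadMasterKey() {
        String b64 = System.getenv("NOTES_MASTER_KEY"); // assumed key source for this example
        if (b64 == null) {
            throw new IllegalStateException("NOTES_MASTER_KEY is not set");
        }
        byte[] raw = Base64.getDecoder().decode(b64);
        if (raw.length != 32) {
            throw new IllegalStateException("NOTES_MASTER_KEY must decode to 32 bytes (AES-256)");
        }
        return new SecretKeySpec(raw, "AES");
    }

    @Override
    public byte[] convertToDatabaseColumn(String plaintext) {
        if (plaintext == null) {
            return null;
        }
        try {
            byte[] iv = new byte[IV_BYTES];
            RNG.nextBytes(iv); // fresh random IV per write; never reuse an IV under one key
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(Cipher.ENCRYPT_MODE, masterKey, new GCMParameterSpec(TAG_BITS, iv));
            cipher.updateAAD(new byte[] {VERSION}); // version byte is authenticated, not encrypted
            byte[] ct = cipher.doFinal(plaintext.getBytes(StandardCharsets.UTF_8));
            return ByteBuffer.allocate(1 + IV_BYTES + ct.length)
                    .put(VERSION).put(iv).put(ct).array();
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException("note encryption failed", e);
        }
    }

    @Override
    public String convertToEntityAttribute(byte[] blob) {
        if (blob == null) {
            return null;
        }
        // Minimum length: version + IV + tag; anything shorter cannot be valid.
        if (blob.length < 1 + IV_BYTES + TAG_BITS / 8 || blob[0] != VERSION) {
            throw new IllegalStateException("unrecognised ciphertext format");
        }
        try {
            ByteBuffer buf = ByteBuffer.wrap(blob);
            byte version = buf.get();
            byte[] iv = new byte[IV_BYTES];
            buf.get(iv);
            byte[] ct = new byte[buf.remaining()];
            buf.get(ct);
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(Cipher.DECRYPT_MODE, masterKey, new GCMParameterSpec(TAG_BITS, iv));
            cipher.updateAAD(new byte[] {version});
            // doFinal throws AEADBadTagException if the blob was modified or the key is wrong.
            return new String(cipher.doFinal(ct), StandardCharsets.UTF_8);
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException("note decryption failed (tampered data or wrong key)", e);
        }
    }
}
```

Usage is one annotation on the entity field: `@Convert(converter = EncryptedStringConverter.class) private String body;` on a binary column. On the trade-off itself: application-level encryption like this means database administrators, backups, and an attacker with a SQL injection or a stolen database credential see only ciphertext, at the cost that the column can no longer be searched, indexed or sorted by the database. Database-level encryption (transparent data encryption) keeps those queries working and protects lost disks and backups, but anyone who can run queries against the live database still reads plaintext, so it does not address the threats a notes application usually cares about most. One limitation of the converter approach worth knowing: a converter never sees the owning entity, so it cannot bind the row's id or owner into the GCM associated data, which would otherwise stop a ciphertext copied from one row into another from decrypting; binding that context requires encrypting at the service layer instead.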