Description
There are various concerns for copi that should get addressed. E.g.: making sure that we maintain availability under an attack. I know a couple of patterns that would work, like (CAPEC 212, functionality misuse). This, we should take care of. We won’t be able to remove the threat completely, but we should minimize it. Knowledge of Elixir required. The person that fixes this deserves to be mentioned in the OWASP Cornucopia Hall of Fame for sure.
How? We need to put a limit on the number of users and probably the number of games started from the same IP as well. If it’s still an issue, the solution would be to implement some form of authentication and associate that with the IP address, browser client, etc. but that’s not the first thing we should do.
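
One way to implement the per-IP limits proposed above, as an added example that is not part of the original issue and not Copi's own code. The module name `IpRateLimiter`, the action names, the limits and the one-hour window are all assumptions chosen for illustration.

```elixir
defmodule IpRateLimiter do
  @moduledoc """
  Fixed-window counter per {action, IP}, kept in ETS.
  Hypothetical module: names, limits and window are assumptions.
  """
  @table :ip_rate_limiter
  # Assumed window length: one hour.
  @window_ms 3_600_000
  # Assumed limits per IP per window.
  @limits %{create_game: 5, join_game: 30}

  # Create the table once, from a long-lived process (e.g. at application start),
  # because an ETS table is deleted when its owner process exits.
  def init do
    :ets.new(@table, [:named_table, :public, :set, write_concurrency: true])
    :ok
  end

  # Returns :ok while the IP is under its limit, {:error, :rate_limited} after.
  def check(action, ip, now_ms \\ System.monotonic_time(:millisecond)) do
    limit = Map.fetch!(@limits, action)
    key = {action, ip, Integer.floor_div(now_ms, @window_ms)}
    # Atomic increment; inserts {key, 0} first when the key is new, so
    # concurrent requests from the same IP cannot race past the limit.
    count = :ets.update_counter(@table, key, {2, 1}, {key, 0})
    if count <= limit, do: :ok, else: {:error, :rate_limited}
  end

  # Delete counters from past windows so the limiter's own table cannot be
  # grown without bound by requests from many addresses. Run periodically.
  def prune(now_ms \\ System.monotonic_time(:millisecond)) do
    current = Integer.floor_div(now_ms, @window_ms)
    spec = [{{{:_, :_, :"$1"}, :_}, [{:<, :"$1", current}], [true]}]
    :ets.select_delete(@table, spec)
  end
end

# Constructed demonstration: the sixth game from one address is refused,
# while a different address is unaffected.
IpRateLimiter.init()
ip = {203, 0, 113, 7}
results = for _ <- 1..6, do: IpRateLimiter.check(:create_game, ip, 0)
IO.inspect(results)
IO.inspect(IpRateLimiter.check(:create_game, {203, 0, 113, 8}, 0))
```

The check belongs in front of the code path that creates or joins a game. If the application runs behind a reverse proxy, the connection's peer address is the proxy's, so the client IP has to come from a forwarding header set by a proxy you trust.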