Security implications of leaving backend publicly exposed

[officialyinsane]

Currently, backend has no filtering and anyone that can talk to the port can send requests to backend.

There's no immediate risk to data integrity (due to EDDN -> EDPN -> frontend -> user) but some future edge case might open that. Additionally, chaos monkeys could flood backend with requests, effectively causing DDOS.

[pveeckhout]

covered in #39

The API itself should be secure / robust enough to be exposed publicly. the only endpoints that will accept data to write to the data base will be the once to manage the user accounts and API keys.

all the endpoints only perform read actions on the database, which will be rate limited based on anonymous, free or internal users