Striving to become a master Go/Cloud developer; Father ๐จโ๐งโ๐ฆ; ๐ค/((Full Stack Web|Unity3D) + Developer)/g; Science supporter ๐ฉโ๐ฌ; https://coder.today
My way would be to let the authentication to professionals, and use a oauth system like Google and in the config I would write my email, so only with a valid token from Google for that email you would gain access.
Sounds safer to put a token yourself in the config. If you remove the generation method from the code would be safer, because the intruder cannot "reset" it and gain control.
If you use a cloud provider would be easier to use a private key generated from their IAM services.
Back in the days we would use Apache auth plugin with user and password, maybe that is still a valid method.
Another note would be to block the IP ranges as well for more security.
PS: last month or so a similar question was posted on dev.to but I cannot find it, it was for an admin user but he had the same problem.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
My way would be to let the authentication to professionals, and use a oauth system like Google and in the config I would write my email, so only with a valid token from Google for that email you would gain access.
Sounds safer to put a token yourself in the config. If you remove the generation method from the code would be safer, because the intruder cannot "reset" it and gain control.
If you use a cloud provider would be easier to use a private key generated from their IAM services.
Back in the days we would use Apache auth plugin with user and password, maybe that is still a valid method.
Another note would be to block the IP ranges as well for more security.
PS: last month or so a similar question was posted on dev.to but I cannot find it, it was for an admin user but he had the same problem.