shared link password
Currently there is an opportunity for Shared Links with a password to be brute force broken, as there are not any controls in place to disable after unsuccessful attempts. Two options to handle this are:
- Implement the configuration in the Shared Link Password protection option to set the number of unsuccessful attempts
- Implement an audit event that documents an unsuccessful Shared Link Password attempt, so that a custom implementation can monitor the unsuccessful attempts, and react accordingly.
We'll be evaluating improvements to Shared Links later this year and will provide an update at that time.