I was just finishing up a reset password system, and thought it would be wise to have a limit attempt restriction on the actual reset page (for the token input). I did a few google searches, and I'm finding next to nothing on doing that with CakePHP. Now, I can throw something together, but I like reading up on other implementations because it helps me catch ideas that I might not have thought of, and helps avoid potential security hazards and bugs.
Because I was unable to find anything, it has made me wonder if I am attempting a poor form of security for my application. Is there a reason that this is greatly under covered (ie, is it covered by the security component or something else, a bad way to prevent brute force attacks, replaced by a better method), or is this a good method of protecting my application? Should I be looking at a different way to protect my application?
Thank you!