Security: limit Masterkey remote access

[babakness]

Issue Description

How does one limit where the master key will be accepted from. For example, only localhost or some specific IP? (or is this only possible by PR or a module?). Are there security features regarding mass query attempts to crack the master key?

[drew-gross]

Currently there are not, the master key itself is assumed to be the security mechanism. That would be a neat idea for something to add though!