Y
Hacker News
new
|
ask
|
show
|
jobs
by
jb_gericke
1119 days ago
Why not put auth on the endpoint and enforce quotas and rate limiting (an api gateway like kong could handle this for you).
1 comments
pfooti
1119 days ago
Endpoint was invoked in our signup funnel, so there was a bootstrapping problem for quota enforcement, the attackers weren't making a whole signup, just getting to the point where the domain search ran.
link