Hacker News new | ask | show | jobs
by dboreham 180 days ago
Always consider rate limiting if you deploy a public endpoint. Always require authentication to perform resource-consuming and/or privacy leaking requests. (Requiring authentication makes rate limiting more practical since even a distributed attacker would need many credentials, which they probably don't have).
1 comments
cake 179 days ago
Any tips on how to define the rate limits for a web app with moderate traffic? For logged and anonymous users?
link