I do not think 'attack' means what he thinks it means; this is why 'rate limiting' is a thing. https://vimeo.com/163113209 @Vimeo
Replying to @jasonmulligan
@jasonmulligan And I do not think you’ve watched the video. Rate limits do not apply to the scenarios in the demos.
@jasonmulligan How would you describe these demos then? And what was your point re: rate-limiting?
@mathias but that insight itself is of questionable value… you need a system that can be compromised with that info, and that’s why i…
@mathias mentioned rate limiting, if you’re probing a system… and it lets you… that system is poorly designed, or you’re doing something…
@mathias that it allows by design; third case is where shit like sql injection happens and all bets are off
@jasonmulligan How should a system differentiate between the 6 HTTP requests (cfr. last demo) and actual users opening those 6 pages?