Hacker News new | past | comments | ask | show | jobs | submit login

When I recently wrote Twilio code the first thing I did was add in as much stuff as I could to prevent this sort of thing happening. I think I put in captcha and also IP address throttling and request counting.

At the time I wondered if I was overengineering or gold plating but apparently not.

I do seem to recall that Twilio writes about this issue quite alot and includes strategies in its best practices for avoiding the issue.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: