
Is rate limiting by IP the best way to handle something like this (other than the obvious, allowing better passwords)? You could obviously rate limit by account, but then you make it easy for anyone to lock anyone else out of their account. And obviously rate limiting by cookies as mentioned is awful.


There's no great way to "handle" something like this besides modifying the protocol to be less vulnerable.



