Censorship
Freedom (but captcha to prevent DDoS and other bot attacks)
Pick one.
Why not do something like if a user is logged in, do a rate limit on the user + ip address instead?
Captchas are only necessary when your users are random and anonymous. If they aren't, you can rate limit them which prevents them from attacks
I mean idk if poal controls any of these entities or can tie in or what. Idk the specifics of your infra, I'm just making the case that it's possible to avoid attacks and also not annoy your users to the point that they opt to not view your content our of frustration or even because they technically cannot
I mean idk if poal controls any of these entities or can tie in or what.
There are many things you don't seem to know about what you are claiming.
Are you a jew? Because if you aren't, you certainly sound like one.
No, you have an http request. It contains an ip and a header. In the header, you put an authorization token that the client is given when logging in. This can be done, for example, with AWS cognito. But it could also many other methods
Then when the client makes a request, it gives that token and the server says oh yeah, this is user X. User X hasn't made more than 10 requests this second, and not more than 100 in the last minute (or some similar logic). Thus, user X is safely using our site
Now, this doesn't work for anonymous users who aren't logged in. They can't be tracked cuz there's no token and that ip can be faked. This encourages users to log in because they don't have to use captchas that way, but you still don't have to worry about attacks
(post is archived)