LevelOneProject / leveloneproject

All software for this project has moved to the mojaloop organization on GitHub
https://github.com/mojaloop

Prevent user guessing from rogue DFSPs #12

Open BillHodghead opened 7 years ago

BillHodghead commented 7 years ago

From @bhcrosslake on January 12, 2017 0:35

As a DFSP, I don't want other DFSPs to get a complete list of my user numbers.

This could be possible through a brute force attack on the SPSP Server. To prevent that, the SPSP server should implement a circuit breaker to throttle queries from DFSPs that repeatedly try user numbers that don't exist.

Acceptance Criteria

This is a relatively low priority story as it doesn't involve money gain/loss. It may be ignored if it is accomplished through the central hub. See #336.

Copied from original issue: LevelOneProject/Docs#337
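One way to implement the per-DFSP circuit breaker proposed above, as an added JavaScript example that is not code from LevelOneProject or Mojaloop; the class and function names and the in-memory user directory are assumptions, and the thresholds are illustrative.

```javascript
// Added example, not project code: a per-DFSP circuit breaker that throttles
// user-number lookups once a caller has repeatedly asked for numbers that do
// not exist. DfspLookupBreaker and lookupUser are assumed names.

class DfspLookupBreaker {
  // maxMisses: misses tolerated within windowMs before the breaker opens.
  // openMs: how long lookups from that DFSP are rejected once it opens.
  constructor({ maxMisses = 5, windowMs = 60000, openMs = 300000 } = {}) {
    this.maxMisses = maxMisses;
    this.windowMs = windowMs;
    this.openMs = openMs;
    this.state = new Map(); // dfspId -> { misses: number[], openUntil: number }
  }

  entry(dfspId) {
    if (!this.state.has(dfspId)) this.state.set(dfspId, { misses: [], openUntil: 0 });
    return this.state.get(dfspId);
  }

  // True while the breaker for dfspId is open, i.e. its lookups are rejected.
  isOpen(dfspId, now = Date.now()) {
    return this.entry(dfspId).openUntil > now;
  }

  // Record a lookup miss; opens the breaker once misses inside the sliding
  // window reach the limit, so a rapid scan of unknown numbers is cut off.
  recordMiss(dfspId, now = Date.now()) {
    const e = this.entry(dfspId);
    e.misses = e.misses.filter((t) => now - t < this.windowMs);
    e.misses.push(now);
    if (e.misses.length >= this.maxMisses) {
      e.openUntil = now + this.openMs;
      e.misses = [];
    }
  }
}

// Lookup wrapper. `directory` is a constructed Map of known user numbers
// standing in for the SPSP server's real user store.
function lookupUser(breaker, directory, dfspId, userNumber, now = Date.now()) {
  if (breaker.isOpen(dfspId, now)) {
    return { status: 'throttled', retryAfterMs: breaker.entry(dfspId).openUntil - now };
  }
  if (!directory.has(userNumber)) {
    breaker.recordMiss(dfspId, now);
    return { status: 'not_found' };
  }
  return { status: 'found', account: directory.get(userNumber) };
}
```

Once open, the breaker rejects even lookups of valid numbers from that DFSP until `openMs` elapses, which is what caps how many numbers a scanning caller can confirm per window; the open event is also the natural point to raise an alert for the operator.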

BillHodghead commented 7 years ago

From @gstaykova on June 30, 2017 14:11

@bhcrosslake, this issue discusses possible attacks through the SPSP server... which is no longer part of the architecture, as far as I know. Is the issue still relevant? Should it refer to the scheme adapter? What operational UI are you referring to?

BillHodghead commented 7 years ago

Ultimately, this functionality should be implemented by a central quote passing service, but we don't have that at this time. Processing the quote messages is done by the scheme adapter, which should fire an event that there is a problem. We could choose to put throttling there now, but it doesn't make sense to do so when the code will probably be moved later. Let's move this to Phase 2. The DFSP operational UI is at http:///#/login.