Open tegefaulkes opened 1 year ago
The rate limiter is still quite basic atm, I had an upgraded design here https://github.com/MatrixAI/Polykey/issues/148#issuecomment-1676640517.
Rate limiting wise, it's not guaranteed to prevent DOS. Only proof of work can do so. But it's a quick way of rate limiting based on certain identifiers. So it can be expanded further. Could combine proof of work along with some bucketing mechanism as a general "resource governor". It sort of reminds me of the resource-counter library that we have.
Specification
As per #148 we applied some rate limiting mechanisms for preventing amplification attacks. But to truly protect against this we need to implement a simple proof of work for making signalling requests.
Additional context
Tasks