Open ePascalC opened 6 years ago
I'd suggest that you throttle on total requests from anywhere to this tool. An attacker with access to a botnet could easily launch requests from many different IP addresses in parallel. Of course, session cookies are even easier to strip off from the requests.
The session? IP address for DoS later?
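An added example, not part of the original issue or the project's code: it shows why a per-IP limit alone does not bound load from many sources, and how a global bucket does. The class names, rates and the constructed traffic (200 documentation-range addresses at 1 request per second each) are assumptions.

```python
from collections import defaultdict

class TokenBucket:
    """Token bucket driven by an explicit clock so runs are reproducible."""
    def __init__(self, rate, burst):
        self.rate = rate            # tokens refilled per second
        self.burst = burst          # bucket capacity
        self.tokens = float(burst)
        self.last = 0.0

    def allow(self, now):
        elapsed = now - self.last
        self.tokens = min(self.burst, self.tokens + elapsed * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False

class Throttle:
    """Per-IP buckets, optionally backed by one global bucket for the whole tool."""
    def __init__(self, ip_rate, ip_burst, global_rate=None, global_burst=None):
        self.per_ip = defaultdict(lambda: TokenBucket(ip_rate, ip_burst))
        self.total = TokenBucket(global_rate, global_burst) if global_rate else None

    def allow(self, ip, now):
        # Per-IP check first: a single noisy client is rejected here and
        # never spends tokens from the shared budget.
        if not self.per_ip[ip].allow(now):
            return False
        # Global check second: caps total load regardless of source count.
        if self.total is not None and not self.total.allow(now):
            return False
        return True

def simulate(throttle, sources, seconds):
    """Every source sends one request per second; return admitted count."""
    admitted = 0
    for t in range(seconds):
        for ip in sources:
            if throttle.allow(ip, float(t)):
                admitted += 1
    return admitted

# Constructed sample traffic: 200 distinct sources, each well under the per-IP limit.
SOURCES = [f"198.51.100.{i + 1}" for i in range(200)]

if __name__ == "__main__":
    print("per-IP only:   ", simulate(Throttle(2, 5), SOURCES, 10))
    print("per-IP + total:", simulate(Throttle(2, 5, 20, 40), SOURCES, 10))
```

With the per-IP limit alone every request is admitted, because no single source exceeds its own budget; the global bucket holds the total to its burst plus refill rate.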