Ref T13249. See D20132. Although we're probably a poor way to validate a big list of stolen cards in practice in production today (it's very hard to quickly generate a large number of small charges), putting rate limiting on "Add Payment Method" is generally reasonable, can't really hurt anything (no legitimate user will ever hit this limit), and might frustrate attackers in the future if it becomes easier to generate ad-hoc charges (for example, if we run a deal on support pacts and reduce their cost from $1,000 to $1).
Details
Details
- Reviewers
amckinley - Maniphest Tasks
- T13249: 2019 Week 7 - 10 Bonus Content
- Commits
- rP9a9fa8bed283: Rate limit attempts to add payment methods in Phortune
Reduced limit to 4 / hour, tried to add a card several times, got rate limited.
Diff Detail
Diff Detail
- Repository
- rP Phabricator
- Branch
- payment1
- Lint
Lint Passed - Unit
Tests Passed - Build Status
Buildable 21979 Build 30018: Run Core Tests Build 30017: arc lint + arc unit