[openstreetmap/openstreetmap-website] Limit number of edits per user and day (#2342)

[Mateusz Konieczny]

> Bottom line, these changes are much more difficult to implement than it might appear.

If I would consider them simple then I would submit PR rather than writing hopefully-useful-comments :)

> Overall, I'd also like to mention that I didn't see a thorough analysis of potential attack vectors, still we're already discussing some detailed solutions here, which feels to me much like an ad-hoc attempt at fixing things. That's not exactly the kind of working model I'd like to see for security topics.

Is it about some dedicated attacks like initiating multiple huge uploads at the same time, or opening multiple changesets and keeping them alive to create big stack and using them all at once?

Or about kind of attacks we want to stop (bulk vandalbot like latest attack, badly done import etc) 

Os is it about exploiting this method to cripple regular user who is not malicious (false reporting etc)?

Or about something else?

-- 
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/issues/2342#issuecomment-1704363899
You are receiving this because you are subscribed to this thread.

Message ID: <openstreetmap/openstreetmap-website/issues/2342/1704363899 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20230903/8d9c3cda/attachment-0001.htm>