HomePhorge
Diffusion Phorge 9a9fa8bed283

Rate limit attempts to add payment methods in Phortune
9a9fa8bed283
Actions

Description

Rate limit attempts to add payment methods in Phortune

Summary: Ref T13249. See D20132. Although we're probably a poor way to validate a big list of stolen cards in practice in production today (it's very hard to quickly generate a large number of small charges), putting rate limiting on "Add Payment Method" is generally reasonable, can't really hurt anything (no legitimate user will ever hit this limit), and might frustrate attackers in the future if it becomes easier to generate ad-hoc charges (for example, if we run a deal on support pacts and reduce their cost from $1,000 to $1).

Test Plan: Reduced limit to 4 / hour, tried to add a card several times, got rate limited.

Reviewers: amckinley

Reviewed By: amckinley

Maniphest Tasks: T13249

Differential Revision: https://secure.phabricator.com/D20158

Details

Provenance
epriestleyAuthored on Feb 13 2019, 5:14 AM
themackabuPushed on Mar 25 2025, 8:07 PM
Parents
rP991368128e4d: Bump the markup cache version for URI changes
Branches
Unknown
Tags
Unknown

Event Timeline

Changes (4)

PathSize
src/
applications/
phortune/
controller/
payment/
phortune/
action/
files/
action/
PhortuneAddPaymentMethodAction.php
PhabricatorFilesOutboundRequestAction.php

rP9a9fa8bed283

View Options

src/__phutil_library_map__.php

Loading...
View Options

src/applications/phortune/action/PhortuneAddPaymentMethodAction.php

Loading...
View Options

src/applications/phortune/controller/payment/PhortunePaymentMethodCreateController.php

Loading...