Rate Limits


#1

As it stands you can brute force through all of the security numbers. The app is so responsive you can knock through 200-300 numbers in 1-2 minutes.

I’m sure this isn’t intentional, in which case it might be worth rate limiting it?


#2

Thanks for the note. We are aware of the potential issue.

The current codes are for the launch queue only, and when we move to offering individual codes for customer referrals, this format may change, but I will also ask about the limiting.

At the moment, the only way to enter a code is to have already completed the application process, and therefore the risk is minimal - though it does mean that some may get the chance to jump in front of others in the queue which is frustrating for those who get overhauled.

We’ll certainly look into it however, so thanks for letting us know 🙂


#3

I think @Recchan is referring to the card activation screen, judging by his post in the Fintech Talk Dozens Feedback thread, rather than the “queue jumping” invitation code.


#4

Yes, you’d be right. I read @robert’s post wrong as it was quite late!

I think invitation codes could probably be brute forced as well though, if the inputs were both done in the same way.


#5

Ah! I see. OK, I will look again. Sorry, missed the point on that one.

Thanks again.