DoS vulnerability #129
Description
Would spamming the API with requests be a problem? New user requests (eg set status with empty UID) could fill up the database, trigger scaling, etc.
Do we need API keys? Rate limiting at least would be sensible.
{{ message }}