After reading yesterday's update about the new API limits, I'm quite concerned.
The default limit is 100 queries per day, which is OK because it can be increased on demand; however, my concern is more about the potential attack vector it opens; what if a malicious user sends, say, 1000 different queries? It would lock out the legitimate use of that API without any kind of possible defense. Or another situation; a site appears in another popular page like Slashdot or Digg; I'm sure it would hit the usage limit very easily. That kind of errors would make the website look very unprofessional. I believe that it would be a lot better to limit the rate by requests per IP address, and also define a special error for when the quota has been reached. -- You received this message because you are subscribed to the Google Groups "Google AJAX APIs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-ajax-search-api?hl=en.
