Looking at the code, I realized that throttle identifiers are ambiguous and could lead to subtle bugs. For instance:
- The identifier for 'user' is the user's id. This makes sense, but if the edit comes from an anonymous user the ID is 0, and thus grouping by 'user' effectively counts all IPs to be the same user
- The fact that in the 'default' case we use 0 as identifier adds up to this (although there shouldn't be any default, i.e. if reaching the default we should throw)
- The 'creationdate' is an integer which could be equal to the ID of an existing user (very unlikely)
- The 'site' identifier is 1, which makes it count for throttling the user with ID = 1 (very unlikely)
- The 'editcount' is an integer, which could be confused mostly with user ID
All these things together could create some confusion which we should avoid altogether. A simple solution could be to prepend the identifier name: so, for instance, the identifier for 'site' won't be 1 but 'site-1', etc. This will address 1.A, 2, 3 and 4.
As for 1, we could make 'user' fallback to the IP if the ID is 0, or use the username instead of the ID (but I think this could introduce problems in case of renaming).