Beefy Boxes and Bandwidth Generously Provided by pair Networks
Clear questions and runnable code
get the best and fastest answer

Re: How to stop web interface bypassing?

by philcrow (Priest)
on Mar 25, 2008 at 15:03 UTC ( #676136=note: print w/replies, xml ) Need Help??

in reply to How to stop web interface bypassing?

On behalf of everyone who has needed to automatically interface with a browser only web service, let me urge you to at least consider letting people use their own tools to hit your service. This is especially important if there is some business to business relationship involved. Please do not think that your business partners should hire staff to surf your site. That just makes it harder for those of us who must do it automatically, because we cannot afford the staff, to fool you.

Rather, think about the problems and address them. It is never safe to assume that the client in a web interaction is feeding you safe data. You must validate it on the server, even if you have client side validation for the benefit of manual users. If certain people are overloading your site, protect it from them in some way. Perhaps simply by dumping anyone who feeds invalid data.

Every system you use to try to force people to use a browser manually can, and will, be spoofed, since the protocols are fixed and the browsers are well known. You'll have to protect yourself in some other way anyway. This is not an easy problem as you can see from all the captchas and other schemes people try to use to limit spam bots. If the users in question are genuine I would try to accommodate them, not ban them.


The Gantry Web Framework Book is now available.
  • Comment on Re: How to stop web interface bypassing?

Log In?

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://676136]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others perusing the Monastery: (3)
As of 2022-11-30 20:35 GMT
Find Nodes?
    Voting Booth?