in reply to Database Security

merlyn did a column once on anti robot stuffing of vote polls. The idea was to prevent automated techniques from making multiple votes for a poll. The technique used was generating a code on an image and getting the user to enter the code along with their vote.

Why not apply this technique to your website? For each search you could generate a "nondeterminate" number that a user has to enter each time they do a search.

The code would last only a few mins and would not be reusable in the short term.

In HTTP there is no state, so a user can't keep your directory "open" in a literal sense. If what you mean is a search page is being refreshed all the time, that's easy: embed a hidden (nondeterminate) value in your page and hook it up with a created time in a database. When the user hits refresh, compare the hidden token with the stored timestamp, and return a timeout page if the difference is over your threshold.

A Non Determinate Value could mean:

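    use Digest::MD5 qw(md5_hex);
    # Hash a secret string, the process ID, a random number and the current time
    my $ndv = md5_hex('53cr3t 57r1n6'.$$.rand().localtime() );
    # Short form: the first four hex characters of the digest
    my $smallndv = substr($ndv, 0, 4);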
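An added example, not part of the original post, of the hidden-token check described above: the token is recorded with its creation time, accepted once, and rejected when it is older than the threshold. Assumptions not in the post: an in-memory hash stands in for the database table, tokens are read from /dev/urandom, the lifetime is 180 seconds, and the names `new_token` and `check_token` are hypothetical.

```perl
use strict;
use warnings;

# Assumptions (not from the post): %issued stands in for the database
# table, tokens come from /dev/urandom, and the lifetime is 180 seconds.
my $TTL = 180;
my %issued;    # token => epoch time at which it was embedded in a page

# Create a token, record when it was issued, and return it for the
# hidden form field.
sub new_token {
    my ($now) = @_;
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    read($fh, my $raw, 16) == 16 or die "short read from urandom";
    close $fh;
    my $token = unpack 'H*', $raw;    # 32 hex characters
    $issued{$token} = $now;
    return $token;
}

# Returns 'ok', 'expired' or 'unknown'. The token is deleted the first
# time it is presented, so a refresh that resubmits it is rejected.
sub check_token {
    my ($token, $now) = @_;
    return 'unknown' unless defined $token && $token =~ /\A[0-9a-f]{32}\z/;
    my $created = delete $issued{$token};
    return 'unknown' unless defined $created;
    return $now - $created > $TTL ? 'expired' : 'ok';
}

# Constructed walk-through with a fixed clock instead of time().
my $t0    = 1_000_000;
my $fresh = new_token($t0);
my $stale = new_token($t0);
printf "%-22s %s\n", 'first submit (+60s):', check_token($fresh, $t0 + 60);
printf "%-22s %s\n", 'refresh, same token:', check_token($fresh, $t0 + 61);
printf "%-22s %s\n", 'stale page (+10min):', check_token($stale, $t0 + 600);
printf "%-22s %s\n", 'made-up token:',       check_token('f' x 32, $t0);
```

Tokens that are issued but never submitted stay in the store, so a database-backed version would also purge rows older than the lifetime.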

Re: Re: Database Security
by cjf (Parson) on Apr 03, 2002 at 11:03 UTC
    merlyn did a column once on anti robot stuffing of vote polls. The idea was to prevent automated techniques from making multiple votes for a poll. The technique used was generating a code on an image and getting the user to enter the code along with their vote.

    See jcwren's A little fun with merlyn for a way to bypass such a script :-).