RE: [slightly OT] defensive strategy

2004-04-13 Thread Andrew Hill
hehe. Glad to be of service. :-) -Original Message- From: Adam Hardy [mailto:[EMAIL PROTECTED] Sent: Wednesday, 14 April 2004 06:14 To: Struts Users Mailing List Subject: Re: [slightly OT] defensive strategy You're right, that's exactly what they're for and I do use

Re: [slightly OT] defensive strategy

2004-04-13 Thread Adam Hardy
Adam Hardy [mailto:[EMAIL PROTECTED] Sent: Wednesday, 14 April 2004 04:35 To: Struts Users Mailing List Subject: Re: [slightly OT] defensive strategy Could do, could do. However the voting form doesn't appear on any of my HTML pages - it appears as snippets in other people's HTML on external 3rd party websites, courtesy of

RE: [slightly OT] defensive strategy

2004-04-13 Thread Andrew Hill
ar to what your thinking of... -Original Message- From: Adam Hardy [mailto:[EMAIL PROTECTED] Sent: Wednesday, 14 April 2004 04:35 To: Struts Users Mailing List Subject: Re: [slightly OT] defensive strategy Could do, could do. However the voting form doesn't appear on any of my HTML pag

Re: [slightly OT] defensive strategy

2004-04-13 Thread Adam Hardy
Could do, could do. However the voting form doesn't appear on any of my HTML pages - it appears as snippets in other people's HTML on external 3rd party websites, courtesy of

RE: [slightly OT] defensive strategy

2004-04-13 Thread Daniel Perry
Subject: Re: [slightly OT] defensive strategy On 04/13/2004 12:39 PM McCormack, Chris wrote: > Interesting problem. You could implement image tickets, ie for every > user that wants to submit a form you generate a random sequence of > characters as an obscured image. That's n

RE: [slightly OT] defensive strategy

2004-04-13 Thread Andrew Hill
ave a valid token. Mainly used to deal with double submits and such like. -Original Message- From: Adam Hardy [mailto:[EMAIL PROTECTED] Sent: Tuesday, 13 April 2004 19:35 To: Struts Users Mailing List Subject: Re: [slightly OT] defensive strategy On 04/13/2004 12:39 PM McCormack, Chris

Re: [slightly OT] defensive strategy

2004-04-13 Thread Adam Hardy
On 04/13/2004 12:39 PM McCormack, Chris wrote: Interesting problem. You could implement image tickets, ie for every user that wants to submit a form you generate a random sequence of characters as an obscured image. That's not in the spec, thankfully! I'm only trying to put off the semi-determi

RE: [slightly OT] defensive strategy

2004-04-13 Thread Freddy Villalba Arias
Hi, Just a thought since I have never implemented something like this... I'd prevent users from submitting more than 1 vote from the same IP during a (configurable) period of time. I'd store all votes received in a DB. I'd implement some kind of police-entity, like, for instance, a VoteInspecto

RE: [slightly OT] defensive strategy

2004-04-13 Thread Daniel Perry
There are lots of ways to counter this. The simplest is a combination of session + cookie. Most people wont know how to / have any desire to delete the cookie. IPs are useful, but be careful: - Some of the big ISPs (eg freeserve in the uk) have 'hidden' proxy servers, so if popular you may get mor

RE: [slightly OT] defensive strategy

2004-04-13 Thread McCormack, Chris
Interesting problem. You could implement image tickets, ie for every user that wants to submit a form you generate a random sequence of characters as an obscured image. To enable the user to submit the form they have to visually read and enter the code displayed in the image. A simpler but less