限制我们网站上投票的最佳方法是什么? [英] What is the best way to limit voting on our website?
问题描述
我们的网站上有用户可以投票的文章.推荐的限制投票方法是什么?
We have website with articles users can vote for. What is the recommended method of limiting votes?
有很多实施投票的站点,我知道一些可能的解决方案,但是我猜这是一些基于会话,IP,时间限制等的基本的防弹推荐方法.
There are so many sites that have voting implemented that I know some possible solutions but I guess that is some basic bulletproof recommended method based on sessions, IPs, time limit, etc.
从浏览器发送投票的最佳方法是什么?基本的GET/POST或AJAX请求?是否有必要使用一些预先生成的request-id?
What is the best way to send votes from browser? Basic GET/POST or AJAX request? Is it necessary to use some pregenerated request-id?
更新:我们无法使用用户注册.
Update: We cannot use user registration.
推荐答案
[...] 防弹 [...]
按帐户限制将有帮助-IP地址是动态的,并且可以轻松更改以远程安全".当然,您当然也必须限制帐户的创建..
Limiting by account will help - IP addresses are far to dynamic and easily changeable to be remotely "secure". You then of course have to limit account creation, again, difficult..
Stackoverflow做得很好(最近有博客条目,新的问题/回答率限制" )-基本上有一些帐户,您必须在其中活跃一段时间才能投票.然后,您将受到速率限制(受帐户限制),直到您参加了更长的时间.然后取消了限制,因此您不会烦扰更多活跃(更受信任)的用户.
Stackoverflow does it quite nicely (there was blog-entry about this recently, "New Question / Answer Rate Limits") - basically have accounts where you have to actively participate for a while before you can vote. Then you are rate-limited (by account) until you've participated for a bit longer. Then the limits are removed, so you don't annoy more active (more trusted) users.
如果您只是想防止因果关系,意外"投票,请通过Cookie以及IP(可能会限制多个用户)(请注意,一个IP后面可以有多个用户). ,则要求您不能仅单击注册"的帐户(或者,您不能为其编写"2000次单击注册的脚本"的脚本),尽管这并不总是可能的(或不切实际的)
If you just want to prevent causal, "accidental" voting, limit by cookie, and possibly also by IP (bearing in mind more than one user can be behind a single IP).. If you want to try and prevent abuse, require accounts which you can't just click "signup" for (or rather, one you cannot write a "click signup 2000 times"-script for), although this isn't always possible (or practical)
这篇关于限制我们网站上投票的最佳方法是什么?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!