Meteor.js:获得匿名访问者唯一的ID/ip/什么? [英] Meteor.js: Get anonymous visitors unique ID/ip/whatever?
问题描述
假设我正在使用meteor.js构建应用程序,我只是从用户那里收集一些简单的表单数据.也许是一个简单问题的答案或其他东西.他们不需要登录即可提交数据.
Let's say I'm building an app using meteor.js where I just collect some simple form data from users. Maybe an answer to a simple question or something. They don't need to log in to submit data.
如何保护我的应用程序免受有人在其Chrome控制台中创建一个仅将废话插入数据库的js循环的攻击?
我可以通过执行以下操作来保护删除和更新:
I can protect removal and updates by doing this:
Formanswers.allow({
insert: function () {
return true;
},
update: function () {
return false;
},
remove: function () {
return false;
},
});
如果用户已登录(您记得我的应用程序中不是这种情况),我可以为每个插入标记时间戳并检查类似的内容:
And if the user was logged in (which as you remember is not the case in my app) I could timestamp each insert and check something like:
insert: function (userId, doc) {
if (userId && (Formanswers.findOnd({userid: userId, time: SOMETHING TIME SPECIFIC}).count() < 1)) return true;
},
所以我的问题是:还有其他方法可以为匿名(未登录)用户获取唯一的userId或IP地址或其他东西,以便我也可以对他进行上述检查吗?
So my question is: is there any other way of getting a unique userId-thing or IP-address or something for an anonymous (not logged in) user so I can do the above check on him as well?
谢谢!
推荐答案
您可以使用陨石包.
匿名帐户
https://github.com/tmeasday/meteor-accounts-anonymous
所以您使用
Meteor.loginAnonymously();
如果用户是第一次访问您的页面,并使用.allow检查您需要的内容
if the user visits your page for the first time, and use .allow to check what you need
这篇关于Meteor.js:获得匿名访问者唯一的ID/ip/什么?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!