Preventing non-human generated requests


Problem description

I developed a PHP application whose main use case is fetching some data from a database. I want to prevent fetching all records of the database by using fake requests. The UI is simple (similar to the Google home page), but I want to provide a link to the previous and next records; no sign-up is required to use the application.

What is your suggested solution?

*Update:* By fake requests I mean requests that are generated by a non-human, i.e. some mechanism like cURL; you generally prevent such requests via CAPTCHA.

Recommended answer

There are a couple of things you can do, but beware: some users may dislike it.


  • If users are expected to log in before they can do a search, then you must check if there is a valid logged-in user (I know this is obvious and probably not your case, but it may help someone else reading your question).
  • You can set up a request handler (I'm an ASP.NET guy) that doesn't allow more than 1 request from the same IP every second, or 30 requests every minute, etc.
  • Just as @user1781026 said, your request should have LIMIT (MySQL) or TOP (SQL Server), since usually the user is not going to need all your database records if there are more than 100 or 50000; just choose a "good" number for this limit.
  • You may also require that the user select a "category" or a range of dates (kind of "this month", "last month", "this year"...).
  • If you have to avoid "any" non-human request, then your only choices are (afaik) to require a login or to use a captcha.
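
The per-IP limits and the result cap suggested in the answer can be combined in PHP as follows. This is an added example, not code from the original post; the class and function names are hypothetical, and the in-memory array stands in for a shared store, which a multi-process PHP deployment would need.

```php
<?php
declare(strict_types=1);

// Added example: sliding-window limiter for 1 request/second and 30 requests/minute.
// Names are hypothetical; the array is an assumed stand-in for a shared store.
final class SlidingWindowLimiter
{
    /** @var array<string, float[]> accepted request timestamps per client key */
    private array $hits = [];

    /** @param array<int, int> $rules window length in seconds => max requests */
    public function __construct(private array $rules = [1 => 1, 60 => 30]) {}

    public function allow(string $clientKey, float $now): bool
    {
        $longest = max(array_keys($this->rules));
        // Drop timestamps that fell out of the longest window.
        $recent = array_values(array_filter(
            $this->hits[$clientKey] ?? [],
            fn(float $t): bool => $t > $now - $longest
        ));
        foreach ($this->rules as $window => $max) {
            $count = count(array_filter($recent, fn(float $t): bool => $t > $now - $window));
            if ($count >= $max) {
                $this->hits[$clientKey] = $recent;
                return false; // caller should answer with HTTP 429
            }
        }
        $recent[] = $now;
        $this->hits[$clientKey] = $recent;
        return true;
    }
}

// Clamp a user-supplied page size so one request can never return the whole table.
function clampPageSize(mixed $requested, int $default = 20, int $max = 100): int
{
    $n = filter_var($requested, FILTER_VALIDATE_INT);
    return ($n === false || $n < 1) ? $default : min($n, $max);
}

// Constructed demo: 40 requests from one documentation-range address, 1.5 s apart.
$limiter = new SlidingWindowLimiter();
$allowed = 0;
for ($i = 0; $i < 40; $i++) {
    $allowed += $limiter->allow('203.0.113.7', 1000.0 + $i * 1.5) ? 1 : 0;
}
printf("allowed %d of 40, page size %d\n", $allowed, clampPageSize('50000'));
```

In a live request the key would come from `$_SERVER['REMOTE_ADDR']` and the clamped value would be bound to the query's LIMIT. Clients behind a shared NAT or proxy present one address, so very tight limits also affect legitimate users.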
