投票 - 从停止客户端虐待 - ASP.NET MVC [英] voting - stopping abuse from client side - ASP.NET MVC
问题描述
所以我设计了这个投票件事不让别人投给同一篇文章两次24小时。但是,假设一个人投票,看到的人能投下选票或者说,他正在下降中有24个小时的窗口之后,我禁用了投票铸造按钮(这是所有的Ajax BTW)。
so I have designed this voting thing which does not let somebody vote for the same article twice in 24 hours. However, suppose a person votes and after seeing the person was able to cast vote or that he is falling in that 24 hour window, I disable the vote-casting button (and this is all Ajax btw).
但是,当一个人关他/她的浏览器,并自带备份,甚至刷新页面做什么?很显然,他将无法施展,因为我的算法票,但人仍然会最终作出对服务器的调用成功。所以,如果他真的想,他会不断刷新页面,并点击投票,并把服务器上的不必要的负载。如何避免做某种客户端的事情或东西吗?
But what to do when a person closes his/her browser and comes back up or even refreshes the page? Obviously, he would not be able to cast vote, because of my algorithm, but the person would still end up succeeding in making call to the server. So if he really wanted, he would keep refreshing the page and clicking on the vote and put unnecessary load on the server. How to avoid that by doing some sort of client-side thing or something?
我使用ASP.NET MVC,所以会话变量是不成问题的。
I am using ASP.NET MVC, so session variables are out of question.
我是不是过分关心这个?
Am I being over-concerned by this?
推荐答案
如果投票情况只能从登录(已知)的成员,那么你不应该有任何问题。
If voting happens only from logged in (known) members then you shouldn't have any problem.
如果,在另一方面,每个人都可以投票,那么你需要存储所有用户投票的事件:
If, on the other hand, everyone can vote then you need to store all user vote events:
- 时间戳
- 调查
- poll_vote
- IP
- 用户代理
- 用户唯一性的Cookie
所以,你需要送出的cookie中随机哈希值。这将确保你不接受来自同一人同一调查另一次投票。
So you'll need a random hash sent out as cookie. This will ensure that you don't accept another vote for the same poll from the same person.
如果用户删除你回退到他的饼干B计划,在那里你不允许超过(说)10票以上来自同一个IP和用户代理结合24小时。
If the user deletes his cookies you fallback to plan B, where you don't allow more than (say) 10 votes from the same IP and user agent combination for 24 hours.
该系统是不完美的,因为用户可以更改IP和(更容易)用户代理。你需要先进的模式检测算法来检测可疑的选票。关于存储所有用户投票活动的好处是,你可以在后面使用一个调度程序处理这些,或者外包票对别人谁可以处理你的问题。
The system is not perfect since users can change IPs and (more easily) user agents. You'd need advanced pattern detection algorithms to detect suspicious votes. The good thing about storing all user vote events is that you can process these later on using a scheduler, or outsource the votes to someone else who can process them for you.
好运气
这篇关于投票 - 从停止客户端虐待 - ASP.NET MVC的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
