How do I protect my AJAX services?

Views: 129

Problem description

Right now I'm working on a service that handles reviews/recommendations of local restaurants overlaid on Google Maps. Basically Yelp, but restricted to a certain niche. Anyhow, since I don't want to have to load every location and review at once, I'm finally getting into using jQuery and AJAX calls.

The question I have is: how do I prevent other people from 'scraping' data from my AJAX scripts on the server?

The main map/location info functionality needs to be public, in that users should not have to log in to use the application, so it may simply boil down to making it difficult to scrape. I'm hoping that one of you AJAX veterans out there can point me in the direction of a better idea, or some 'best practices' docs that I haven't been able to find yet.

So far all I've been able to come up with is:

  • Open a short-lived session on the server from the user-facing script, and AJAX calls without an active session won't run.
  • Send some kind of access key along with the request code and require it on all AJAX calls. But I'm not sure how best to implement this in a way that isn't easily bypassed.

Recommended answer

You can't completely protect your AJAX web services. Even if you mangle your data and obfuscate your source code, it is trivial to just fire up a packet sniffer or debugging proxy, figure it out, and scrape from it.

What I would do is exactly what you propose... only users with an active session on the site can make calls. Then from there, throttle requests.

Even a busy normal user won't make more than a handful of requests per minute. You can analyze your logs to figure out what a good number would be. Even if you limited your service to 20 calls per minute, that kind of limitation makes it fairly useless for folks who want to duplicate all of your content.

Don't limit just on session data either... keep an eye on IP addresses. It's entirely possible to fire off a request and get a new session at any time. Periodically check your logs to see if anything is getting through, and adjust your strategy accordingly.

Finally, regularly search for your content. Google is a great tool for finding copyright infringers. If you use specific data, such as GPS coordinates, you can actually watermark the coordinates with a specific value in the noise area of the coordinate.
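The three controls the answer describes (require an active session, throttle per session and per IP so a scraper that mints a fresh session per request is still caught, and watermark coordinates in their noise digits) as one worked example. This is added code, not from the original answer or the asker's project: the limits (20 calls per minute per session, 60 per IP, 30 minute session TTL), the in-memory `Map` store, and the two-digit tag placed in the 7th and 8th decimal places are all assumptions chosen for illustration; a real deployment would keep the counters in something shared like Redis and call `checkRequest()` from the web framework's middleware before the map handler runs.

```javascript
// Added example (not code from the original answer): server-side gate for a
// public map/location AJAX endpoint. Requires an active session, applies a
// sliding-window limit per session AND per IP, and watermarks coordinates.

const WINDOW_MS = 60 * 1000;            // one-minute sliding window
const MAX_PER_SESSION = 20;             // the answer's "20 calls per minute"
const MAX_PER_IP = 60;                  // assumed: a few users behind one NAT
const SESSION_TTL_MS = 30 * 60 * 1000;  // assumed: short-lived sessions

const sessions = new Map();             // sessionId -> { createdAt, ip }
const hits = new Map();                 // counter key -> request timestamps

function createSession(id, ip, now) {
  sessions.set(id, { createdAt: now, ip });
}

function sessionActive(id, now) {
  const s = sessions.get(id);
  return s !== undefined && now - s.createdAt < SESSION_TTL_MS;
}

// Sliding-window counter: drop timestamps outside the window, record this
// request, return the new count. Rejected requests are counted too, so a
// client that keeps hammering does not get its window refilled early.
function bump(key, now) {
  const stamps = (hits.get(key) || []).filter((t) => now - t < WINDOW_MS);
  stamps.push(now);
  hits.set(key, stamps);
  return stamps.length;
}

// Decide whether one AJAX request may proceed. `now` is passed in (ms since
// epoch) rather than read from the clock so the logic is deterministic.
function checkRequest({ sessionId, ip, now }) {
  if (!sessionId || !sessionActive(sessionId, now)) {
    return { allowed: false, status: 401, reason: 'no active session' };
  }
  const ipCount = bump(`ip:${ip}`, now);
  const sessionCount = bump(`sess:${sessionId}`, now);
  // IP limit first: it is independent of the session, so fetching a fresh
  // session for every request (which the answer warns about) still trips it.
  if (ipCount > MAX_PER_IP) {
    return { allowed: false, status: 429, reason: 'ip rate limit' };
  }
  if (sessionCount > MAX_PER_SESSION) {
    return { allowed: false, status: 429, reason: 'session rate limit' };
  }
  return { allowed: true, status: 200 };
}

// Watermark: six decimals of latitude/longitude are already about 0.1 m, so
// the 7th and 8th decimals are noise. Round the real value to six decimals and
// append a two-digit tag (assumed scheme, e.g. per consumer or per day); a
// scraped copy found later via search can be traced back through the tag.
function watermarkCoordinate(value, tag) {
  if (!Number.isInteger(tag) || tag < 0 || tag > 99) {
    throw new RangeError('tag must be an integer in 0..99');
  }
  const base = value.toFixed(6);                       // honest precision
  return parseFloat(`${base}${String(tag).padStart(2, '0')}`);
}

function extractWatermark(value) {
  return parseInt(value.toFixed(8).slice(-2), 10);     // last two digits
}

// Stand-alone demo (ids chosen so they do not collide with other callers).
if (typeof require !== 'undefined' && require.main === module) {
  const t0 = Date.now();
  createSession('demo-session', '192.0.2.1', t0);
  console.log(checkRequest({ sessionId: 'missing', ip: '192.0.2.1', now: t0 }));
  for (let i = 0; i <= MAX_PER_SESSION; i++) {
    const r = checkRequest({ sessionId: 'demo-session', ip: '192.0.2.1', now: t0 + i * 1000 });
    if (!r.allowed) { console.log(`request ${i + 1}:`, r); break; }
  }
  const marked = watermarkCoordinate(37.774929, 42);
  console.log(marked, extractWatermark(marked));
}
```

The session and IP counters are deliberately separate keys so that neither control can be bypassed by changing the other identifier; the 401 path does not touch the counters because a request with no session never reaches the data in the first place.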

