« Return to Thread: xmlhttprequest and data protection
xmlhttprequest and data protection
by Lukasz Michalski
::
Rate this Message:
Hi,
I am trying to create web page that, after loaded, will dynamically
request for data when user interacts with it.
After some research I plan to use javascript and XmlHttpRequest to get
this data and add it to already rendered document.
One very good example of similar application is here:
http://genshi.edgewall.org/wiki/GenshiTutorial#AjaxifiedCommenting
If I do it this way, then can someone send thousands of XMLHTTPRequests
to my server and retrieve all data that is avaliable? If this can be
done then how can I protect against it?
One idea I have is to track user using cookie and control how often he
is requesting data and limit number of requests that are coming in
session, but I think that this is not enough.
As fairly new to js, ajax and cherrypy I would appreciate any ideas or
references regarding this problem. I know that there is no method that
will protect it completely, I just want to make it not trivial.
Regards,
Ćukasz
I am trying to create web page that, after loaded, will dynamically
request for data when user interacts with it.
After some research I plan to use javascript and XmlHttpRequest to get
this data and add it to already rendered document.
One very good example of similar application is here:
http://genshi.edgewall.org/wiki/GenshiTutorial#AjaxifiedCommenting
If I do it this way, then can someone send thousands of XMLHTTPRequests
to my server and retrieve all data that is avaliable? If this can be
done then how can I protect against it?
One idea I have is to track user using cookie and control how often he
is requesting data and limit number of requests that are coming in
session, but I think that this is not enough.
As fairly new to js, ajax and cherrypy I would appreciate any ideas or
references regarding this problem. I know that there is no method that
will protect it completely, I just want to make it not trivial.
Regards,
Ćukasz
signature.asc (266 bytes) « Return to Thread: xmlhttprequest and data protection
| Free Forum Powered by Nabble | Forum Help |
