dcsimg
A Flash Developer Resource Site

Page 1 of 2 12 LastLast
Results 1 to 20 of 22

Thread: Protecting Submission Form from Flooding

  1. #1
    Senior Member
    Join Date
    Sep 2000
    Posts
    308

    Protecting Submission Form from Flooding

    Hello everyone;

    I am working on a submission form and have finished the script but have not yet implemented any security features that would protect the form from being flooded. I would like to hear what techniques you use to accomplish such a task.

    I do not want to rely on IP-logging alone because that might block legitimate users sharing the same external IP on a LAN. I thought of adding some kind of unique ID to each request. Are there any totally unique variables I can use in PHP to distinguish users? I dont want to use cookies; I want this to be totally server-side.

    Any ideas?

    Thanks a lot.

    Mikhail

  2. #2
    Waaambulance Pilot sk8Krog's Avatar
    Join Date
    Apr 2001
    Location
    moo york city
    Posts
    1,980
    use cookies. They would be put on the person's machine that submited something and others in the same LAN could still use it.
    It must be obvious day at camp stupid

  3. #3
    Senior Member dlowe93's Avatar
    Join Date
    Aug 2001
    Location
    Stumptown
    Posts
    621
    Originally posted by sk8Krog
    use cookies. They would be put on the person's machine that submited something and others in the same LAN could still use it.
    Better yet, use a local shared object. Not server side, but better than a cookie.

    d.
    dlowe93

  4. #4
    Senior Member
    Join Date
    Sep 2000
    Posts
    308
    Hmm... the thing is, such a cookie has to last up to a month. I was thinking of something more like a MAC address type of thing.

  5. #5
    Senior Member dlowe93's Avatar
    Join Date
    Aug 2001
    Location
    Stumptown
    Posts
    621
    Originally posted by mmarkin
    Hmm... the thing is, such a cookie has to last up to a month. I was thinking of something more like a MAC address type of thing.
    Use a local shared object combined with a date object and you're done.

    d.
    dlowe93

  6. #6
    YH Jelly Llama Jockey defuzz's Avatar
    Join Date
    May 2001
    Posts
    464
    if you were desperate you could check the users IP address and only allow one submission from each IP.

    If you're worried that people on networks who share IP's might have problems you could always allow just a certain number form each IP, poeple might still be able to send more than one but you could still restrict them to only x number of submissions.

    I'd have thought cookies would be the easiest way though.

  7. #7
    Senior Member
    Join Date
    Sep 2000
    Posts
    308
    The problem with cookies is that most users clear their data every once in a while; cookies usually dont sit around for an entire month.

  8. #8
    YH Jelly Llama Jockey defuzz's Avatar
    Join Date
    May 2001
    Posts
    464
    they may well erase their cookies but its unlikely they'll keep erasing their cookies just so they can resubmit the form.

    On the other hand if its for a competition or soemthing and you really want to restrict EVERYONE to ONLY one submission then maybe IPs would be the answer.

  9. #9
    Senior Member
    Join Date
    Sep 2000
    Posts
    308
    That is more like what I want to do; Its a survey. I am also aiming at protecting people of extracting the required variables from the page source and using those to submit thousands of fake results.

  10. #10
    YH Jelly Llama Jockey defuzz's Avatar
    Join Date
    May 2001
    Posts
    464
    you can use this PHP code to access a user's IP:

    $variable_name = $GLOBALS['REMOTE_ADDR'];

  11. #11
    Senior Member
    Join Date
    Sep 2000
    Posts
    308
    Yes, I am aware of that...

  12. #12
    Senior Member
    Join Date
    Sep 2000
    Posts
    308

    Multiple Submission of Forms: Let the user know, or keep it secret?

    Hi.

    I am thinking out a security system for a form submission script. I was wondering if I should let the user know that their repeated submissions are not being accepted or if I should just say "thank you" and let them think that they're flooding my database. What do you guys do? What do you think should I do? I am very curious.

    Thanks.

    Mikhail
    Last edited by mmarkin; 05-06-2003 at 04:15 PM.

  13. #13
    Modding with Class JabezStone's Avatar
    Join Date
    Aug 2000
    Location
    Grand Rapids, MI
    Posts
    2,008
    Mikhail,

    I merged your new thread with this one you started last week, since it is still the same topic. Just keeping the Board clean.. thanks!

  14. #14
    Senior Member
    Join Date
    Sep 2000
    Posts
    308
    Sorry about that.... I thought it would be better to keep it separate when I opened it...

    Mikhail

  15. #15
    Registered User
    Join Date
    Feb 2001
    Posts
    13,044
    Hi.

    IP checking is quite unfair to those who use dynamic ip connections
    Many people who are used to clear their cookies would not even know how to clear their local shared objects
    In order to prevent extracting data from the form, you could use a flash form with a one-time mangling function

    Musicman

  16. #16
    Senior Member
    Join Date
    Sep 2000
    Posts
    308
    Alright. Can anyone steer me in the right direction with those local shared objects? This is pretty much the first time I hear about those things.

    Thanks.

    Mikhail

  17. #17
    Senior Member dlowe93's Avatar
    Join Date
    Aug 2001
    Location
    Stumptown
    Posts
    621
    Originally posted by mmarkin
    Alright. Can anyone steer me in the right direction with those local shared objects? This is pretty much the first time I hear about those things.

    Thanks.

    Mikhail
    Explanation here:

    http://www.macromedia.com/support/fl...shared_object/

    Tutorial w/source files here:

    http://www.macromedia.com/support/fl...s/local_so.htm

    It requires the Flash 6 player, but in my opinion it so much easier and reliable than using cookies.

    d.
    dlowe93

  18. #18
    Senior Member
    Join Date
    Sep 2000
    Posts
    308
    Thanks a bunch. I was hoping for something "standard", but I will take a good look at those.

    Thanks again.

    Mikhail

  19. #19
    Senior Member dlowe93's Avatar
    Join Date
    Aug 2001
    Location
    Stumptown
    Posts
    621
    Originally posted by mmarkin
    Thanks a bunch. I was hoping for something "standard", but I will take a good look at those.

    Thanks again.

    Mikhail
    What do you mean by "standard"? I've done quite a bit with local SOs so feel free to email me if you have any questions.

    d.
    dlowe93

  20. #20
    Senior Member
    Join Date
    Sep 2000
    Posts
    308
    I meant no Flash - standard HTML/Server-side scripting.

    Mikhail

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  




Click Here to Expand Forum to Full Width

HTML5 Development Center