 PHP-mechanism against hostile automated forum-fillup

Frank
Posted: 02/23/2004, 10:44 AM

Hallo everybody,

as a beginner in CCS, I have had a look at the CCS sample forum.

It looks useful, but I have a question: Is there any mechanism to stop a
hostile attack, which is adding entries in an automatic endless loop, until
the webspace goes to zero?

Can anybody imagine such a "safety-lock" (perhaps IP and time-based), which
is simple to implement with CCS? Such a thing might be very useful for a lot
of purposes, where unknown users get the chance to fill up your database.

Thank you in advance.

Regards,
Frank

DonB
Posted: 02/23/2004, 12:07 PM

How about a session variable that gets set to the current time plus some
increment (like 15 seconds)? Each time a post is requested, check the
current time against the session var in the BeforeInsert event and abort the
insert if the time has not elapsed. If the session var does not exist, then
the insert is OK. In the AfterInsert event, set the session var to
establish the next interval.

You can get really devious and store the IP any time they exceed the threshold
and perhaps disable their login after 3-4 such transgressions. Maybe even
consider multiplying the interval (15, 30, 60, 120, etc.) each time they
exceed the threshold.

--
DonB

http://www.gotodon.com/ccbth
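
The throttle described in the reply above, as an added example that is not part of the original posts and not CodeCharge Studio's own code. The helper names and the `$store` array are hypothetical; the state is keyed by client IP on the server (a session variable alone is lost when a client discards its cookie), and in real use `$now` would be `time()` and `$ip` would be `$_SERVER['REMOTE_ADDR']`.

```php
<?php
// Added example: helper names and the $store layout are hypothetical,
// not CodeCharge Studio API. $store stands in for a DB table keyed by IP.
const BASE_INTERVAL = 15; // seconds between posts, as suggested above
const MAX_STRIKES   = 3;  // early attempts tolerated before lockout

function client_state(array $store, string $ip): array
{
    return $store[$ip]
        ?? ['next_post_at' => null, 'interval' => BASE_INTERVAL, 'strikes' => 0];
}

// Call from the BeforeInsert event; false means abort the insert.
function before_insert(array &$store, string $ip, int $now): bool
{
    $s = client_state($store, $ip);
    if ($s['strikes'] >= MAX_STRIKES) {
        return false; // locked out after repeated transgressions
    }
    if ($s['next_post_at'] === null || $now >= $s['next_post_at']) {
        return true; // first post, or the interval has elapsed
    }
    // Too early: record a strike, double the interval (15, 30, 60, ...)
    // and restart the wait from now (a design choice of this example).
    $s['strikes']++;
    $s['interval'] *= 2;
    $s['next_post_at'] = $now + $s['interval'];
    $store[$ip] = $s;
    return false;
}

// Call from the AfterInsert event to establish the next interval.
function after_insert(array &$store, string $ip, int $now): void
{
    $s = client_state($store, $ip);
    $s['next_post_at'] = $now + $s['interval'];
    $store[$ip] = $s;
}

// Constructed timeline: one client posting at these offsets (seconds).
$store = [];
$ip = '203.0.113.7'; // documentation-range address, constructed
foreach ([0, 5, 20, 80, 90, 300] as $t) {
    $ok = before_insert($store, $ip, $t);
    if ($ok) {
        after_insert($store, $ip, $t);
    }
    printf("t=%3ds %s strikes=%d interval=%ds\n", $t, $ok ? 'insert' : 'abort ',
        $store[$ip]['strikes'], $store[$ip]['interval']);
}
```

Users behind a shared proxy or NAT appear under one address, so the strike limit and interval should be chosen with that in mind.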



Frank
Posted: 02/24/2004, 10:37 AM

Hallo Don,

thank you for this smart tip.
I will try.

Regards,
Frank




