I am developing a traditional online survey app, the kind of thing that a lot of people must have done. I am wondering how to protect it from script-kiddies who might want to see if they can bombard it with fake votes.
It's basically public and anyone can take part in the surveys it will run.
I put a switch to check for a flag in the session so that people don't vote more than once from the websites where the surveys will be deployed.
But I am worried that kids writing scripts will not be stopped by session flags. Is it worth writing an algorithm to store the IP addresses used for the last hour? Or can they spoof IP addresses?
If it is useful to note the IP addresses, how best should I store them? In a hashtable in application scope? In the database? In a session EJB?
Thanks!
-- struts 1.2 + tomcat 5.0.19 + java 1.4.2 Linux 2.4.20 Debian
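The "hashtable in application scope" option from the post, sketched as an added example (not code from the poster or from Struts): a per-IP sliding-window counter covering the last hour, written without generics to match the Java 1.4.2 listed above. The class name `VoteThrottle`, the limit of 3 votes per hour and the sample address are assumptions; in the webapp one instance would live as a `ServletContext` attribute and be called with `request.getRemoteAddr()`, which behind a reverse proxy returns the proxy's address.

```java
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.Map;

/** Sliding-window vote limiter keyed by client IP (hypothetical class, Java 1.4 syntax). */
public class VoteThrottle {
    private final long windowMillis;
    private final int maxVotes;                   // above 1: many users can share one NAT/proxy address
    private final Map votesByIp = new HashMap();  // String ip -> LinkedList of Long timestamps
    private long lastSweep = 0L;

    public VoteThrottle(long windowMillis, int maxVotes) {
        this.windowMillis = windowMillis;
        this.maxVotes = maxVotes;
    }

    /** Records a vote and returns true if this IP is still under the limit. */
    public synchronized boolean allow(String ip, long now) {
        if (now - lastSweep >= windowMillis) { sweep(now); lastSweep = now; }
        LinkedList times = (LinkedList) votesByIp.get(ip);
        if (times == null) { times = new LinkedList(); votesByIp.put(ip, times); }
        prune(times, now);
        if (times.size() >= maxVotes) return false;   // over the limit: vote is not recorded
        times.addLast(new Long(now));                 // Long.valueOf(long) does not exist in 1.4
        return true;
    }

    /** Removes timestamps that have fallen out of the window (oldest first). */
    private void prune(LinkedList times, long now) {
        while (!times.isEmpty() && now - ((Long) times.getFirst()).longValue() >= windowMillis) {
            times.removeFirst();
        }
    }

    /** Drops addresses with no votes left in the window so the map cannot grow without bound. */
    private void sweep(long now) {
        for (Iterator it = votesByIp.entrySet().iterator(); it.hasNext();) {
            LinkedList times = (LinkedList) ((Map.Entry) it.next()).getValue();
            prune(times, now);
            if (times.isEmpty()) it.remove();
        }
    }

    public static void main(String[] args) {
        VoteThrottle t = new VoteThrottle(60L * 60L * 1000L, 3);  // 3 votes per hour per IP
        long t0 = 1000000L;                                       // constructed timestamps
        String ip = "192.0.2.10";                                 // constructed address (TEST-NET-1)
        for (int i = 0; i < 5; i++) System.out.println("vote " + i + ": " + t.allow(ip, t0 + i * 1000L));
        System.out.println("one hour later: " + t.allow(ip, t0 + 3600000L));
    }
}
```

The map is lost on a Tomcat restart and is not shared between nodes, which is the trade-off against the database option the post also mentions.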