I don't know exactly how to put this question. I have a blog and I want to count the visits to each blog post. I'm using cache.action, so I can't just increment some counter in the controller function. Then, I'm using JavaScript, so the cached view sent to every browser contains a small piece of JavaScript that makes an AJAX POST to the server, sending the blog post ID in a POST variable.
On the server, the controller/function that receives the POST is the one that increments the counter (and it's a public function, it doesn't require login). In addition, that function validates that the blog post ID isn't in session.visited_posts, which is a list that stores all blog post IDs that have been visited in the session.

All this is working perfectly. But I'm wondering what would happen if a malicious user starts making POSTs to the URL, firing up my counters on the db (and of course overloading the system). Is there a way to protect the system from this case?

I have to mention that I'm using nginx and I've already configured it to limit requests per second per IP, and connections per IP. So, my doubt here isn't about flood attacks or something like that; instead, I'm more concerned about the possibility of altering the counters on the db.

Any comment will be appreciated. Thanks in advance!
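
One way to make the counter harder to inflate, as an added example that is not part of the original post: the session check described above is kept, and a second server-side check counts each (client address, post ID) pair only once per time window, so a request that arrives without the session cookie is still deduplicated. The `VisitCounter` name, the in-memory store, the secret and the 24-hour window are assumptions; a real deployment would keep this state in the database.

```python
import hashlib
import hmac
import time

# Assumption: a per-deployment secret, used only to pseudonymise client addresses.
SECRET = b"constructed-demo-secret"
WINDOW_SECONDS = 24 * 3600  # assumption: one counted visit per client per post per day


class VisitCounter:
    """Counts a visit once per (client, post) per window, without relying
    only on the session cookie, which the client controls."""

    def __init__(self, valid_post_ids, window=WINDOW_SECONDS):
        self.valid_post_ids = set(valid_post_ids)
        self.window = window
        self.counts = {pid: 0 for pid in self.valid_post_ids}
        self.last_counted = {}  # (client_key, post_id) -> time of last counted visit

    def _client_key(self, ip):
        # Keyed hash so raw IP addresses are not stored alongside the counters.
        return hmac.new(SECRET, ip.encode(), hashlib.sha256).hexdigest()

    def register(self, post_id_raw, ip, session_visited, now=None):
        """Return True only if the counter was incremented."""
        now = time.time() if now is None else now
        try:
            post_id = int(post_id_raw)       # the POST variable is untrusted input
        except (TypeError, ValueError):
            return False
        if post_id not in self.valid_post_ids:
            return False                     # unknown post: nothing to count
        if post_id in session_visited:       # the session check the post describes
            return False
        session_visited.append(post_id)
        key = (self._client_key(ip), post_id)
        seen = self.last_counted.get(key)
        if seen is not None and now - seen < self.window:
            return False                     # same client, new session: not counted
        self.last_counted[key] = now
        self.counts[post_id] += 1
        return True


if __name__ == "__main__":
    counter = VisitCounter([1, 2])
    print(counter.register("1", "203.0.113.5", [], now=1000))  # constructed sample
    print(counter.register("1", "203.0.113.5", [], now=1001))  # fresh session, same client
```

Keying on the client address undercounts readers who share one address (NAT, proxies), which is the trade-off for bounding how far a single address can move a counter.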

