struts-user mailing list archives

From Paul Thomas <p...@tmsl.demon.co.uk>
Subject Re: [OT] Application Security
Date Thu, 12 Jun 2003 08:06:30 GMT

On 11/06/2003 14:15 Denis Avdic wrote:
> What our site is basically about is that people can access some 
> information retrieved from a database.   This person registered and 
> basically went and accessed all of the profiles stored on our server, 
> sequentially, using an automated process (2 per second).  This was in 
> violation of our acceptable use policy.  My question is what do people 
> use if something like this happens, or how do they handle any other 
> intrusions on all other levels.
> 


Maybe you could limit the number of times per minute the user can execute 
actions. Store some kind of "time of last request" object in the user's 
session and if the last action was less than x seconds ago then just sleep 
for a while. 
-- 
Paul Thomas
+------------------------------+---------------------------------------------+
| Thomas Micro Systems Limited | Software Solutions for the Smaller Business |
| Computer Consultants         | http://www.thomas-micro-systems-ltd.co.uk   |
+------------------------------+---------------------------------------------+

---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org
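
One way to implement the per-session throttle suggested in the message above, as an added example that is not part of the original post or of Struts: a servlet filter that keeps the next allowed request time in the session and delays requests that arrive early. It goes one step beyond the suggestion by answering HTTP 429 once the queued delay would exceed a cap, so that a fast client cannot park container threads indefinitely; the class name, the session attribute name and both limits are assumptions.

```java
import java.io.IOException;
import java.util.concurrent.atomic.AtomicLong;
import javax.servlet.*;
import javax.servlet.http.*;

/** Added example: per-session request throttle. Names and limits are assumptions. */
public class SessionThrottleFilter implements Filter {
    private static final String SLOT_ATTR = "throttle.nextSlot"; // hypothetical attribute name
    private static final long MIN_INTERVAL_MS = 2000; // the "x seconds" between actions
    private static final long MAX_WAIT_MS = 6000;     // longest time a request may be delayed

    public void init(FilterConfig cfg) {}
    public void destroy() {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpSession session = ((HttpServletRequest) req).getSession(false);
        if (session == null) {          // no session yet: nothing to key the limit on
            chain.doFilter(req, res);
            return;
        }
        AtomicLong nextSlot = slotFor(session);
        long now = System.currentTimeMillis();
        long mySlot;
        do {                            // reserve a time slot atomically, so parallel
            long current = nextSlot.get(); // requests on one session queue up in order
            mySlot = Math.max(now, current);
            if (mySlot - now > MAX_WAIT_MS) {   // backlog too long: refuse, do not sleep
                ((HttpServletResponse) res).sendError(429, "Too many requests");
                return;
            }
            if (nextSlot.compareAndSet(current, mySlot + MIN_INTERVAL_MS)) break;
        } while (true);
        try {
            if (mySlot > now) Thread.sleep(mySlot - now); // the "just sleep for a while" step
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            throw new ServletException("interrupted while throttling", e);
        }
        chain.doFilter(req, res);
    }

    private static AtomicLong slotFor(HttpSession session) {
        synchronized (session) {        // create the per-session counter only once
            AtomicLong slot = (AtomicLong) session.getAttribute(SLOT_ATTR);
            if (slot == null) session.setAttribute(SLOT_ATTR, slot = new AtomicLong(0));
            return slot;
        }
    }
}
```

The limit is keyed on the session, so it only binds where the protected actions require a logged-in session; map the filter to those URLs in web.xml.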

