struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Adam Hardy <>
Subject [slightly OT] defensive strategy
Date Tue, 13 Apr 2004 10:22:49 GMT
Sorry for posting this OT question but I've got an issue that people on 
this list are very likely to have tackled:

I am developing a traditional online survey app, the kind of thing that 
alot of people must have done. I am wondering how to protect it from 
script-kiddies who might want to see if they can bombard it with fake 

It's basically public and anyone can take part in the surveys it will run.

I put a switch to check for a flag in the session so that people don't 
vote more than once from the websites where the surveys will be deployed.

But I am worried that kids writing scripts will not be stopped by 
session flags. Is it worth writing an algorithm to store the IP 
addresses used for the last hour? Or can they spoof IP addresses?

If it is useful noting the IP addresses, how best should I store them? 
In a hashtable in application scope? In the database? In a session EJB?


struts 1.2 + tomcat 5.0.19 + java 1.4.2
Linux 2.4.20 Debian

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message