tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dakota Jack <crackwil...@gmail.com>
Subject Re: method to protect webapps from users
Date Wed, 27 Oct 2004 14:41:18 GMT
I definitely would be interested in seeing this code, although I am
not sure what your question is.  Maybe seeing the code will clear this
up.

Jack


On Wed, 27 Oct 2004 09:23:01 +0100 (BST), peterm@granada-learning.com
<peterm@granada-learning.com> wrote:
> hi guys,
> 
> I'm new to this list, but a long time user of Tomcat.  For a long time now
> I've had a problem which I'm sure most of you are familiar with ; users.
> 
> As always happens with any app in development the final tidy up stuff gets
> left too late and some stuff gets missed out.  The bit in this case was
> holding screens for long running requests.
> 
> I've written a filter which will take any request and after a defined
> period of time send a generic "please wait" page, after the original
> request has finished it will then forward the proper response.
> 
> To get this to work properly there is an extra benefit, it can in a lot of
> cases stop double clickers by ignoring requests that have been defined as
> those not supposed to run concurrently for a given session.
> 
> My current implemntation is container agnostic which I'm not really happy
> with as it means the "please wait" page must be large enough to force a
> send of the data though the response stream, however I'm loathe to hack
> into the tomcat code to get low enough to fix this unless it is part of
> tomcat.  The second problem is detecting multi-part requests and not
> allowing the "please wait" page until the multi-part data has been
> gathered, currently I just exclude those requests, again a lower level
> access would allow this to be fixed properly.
> 
> Is this filter or a derivative something that would be of interest?
> 
> The basic features that I've implemented are :
> 
> please wait page after some defined period with no user coding
> Multiple concurrent request per session selectively disabled by URL
> 
> I can post the code or distribute however people want if this is something
> you are interested in.
> 
> In live web-apps I've found this invaluable as users don't get web-apps
> and are very impatient, even if the problem is their dodgy old modem or
> asking an app to do something it was never designed for.
> 
> Before anyone says it I know this is a complete perversion of everything
> that is supposed to happen in a web-app, however in the real world users
> won't wait 5 seconds for anything unless they are being told it's under
> way and I've never got holding screens in all the right places yet.  This
> covers them all and where possible reduces the ability of a single user to
> submit 100 concurrent requests by hammering a submit button in
> frustration.
> 
> Any feed back is most welcome
> 
> Thanks
> 
> Peter Mengell
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org
> 
> 


-- 
"You can't wake a person who is pretending to be asleep."

~Native Proverb~

"Each man is good in His sight. It is not necessary for eagles to be crows."

~Hunkesni (Sitting Bull), Hunkpapa Sioux~

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org


Mime
View raw message