tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Subir Sengupta <>
Subject RE: how to block
Date Thu, 06 Feb 2003 19:35:33 GMT
Here's how to do what Tim is talking about


-----Original Message-----
From: Tim Moore []
Sent: Thursday, February 06, 2003 10:22 AM
To: Tomcat Users List
Subject: RE: how to block 

Check out the "synchronizer token" pattern from Core J2EE Patterns.  In
a nutshell, you provide the form with a unique one-time-use token that
it submits with the form.  The form submission handler checks to see if
that token has been submitted before, and if so, rejects the request.

Struts includes an implementation of this pattern; check out the
generateToken and isTokenValid methods on Action.

Additionally, it's not too hard to write JavaScript that will disable a
submit button after it is clicked.

Tim Moore / Blackboard Inc. / Software Engineer
1899 L Street, NW / 5th Floor / Washington, DC 20036
Phone 202-463-4860 ext. 258 / Fax 202-463-4863

> -----Original Message-----
> From: Bing Zhang [] 
> Sent: Thursday, February 06, 2003 1:10 PM
> To: 'Tomcat Users List'
> Cc: Dan Yin; Jimmy Wu; Daniel Ruiz
> Subject: how to block 
> Hi all:
> 	I have one problem right now, which many people here on 
> the list should have already experienced.
> 	For example, some post from browser take some time on 
> the server side(servlet code) to process.  Often times 
> impatient user will click multiple times on the "submit" 
> button, Or "malicious" user will hold "Enter" key to request 
> it million times.  What's going to happen on the server side
> is:  multiple threads onto the same servlet would be launched 
> and resources would be used up, like connections, and CPU 
> processing time.  
>       So what's a general approach to prevent this ??  No 
> matter the solution is on the client side (HTML/JavaScript), 
> the server side(servlet/JSP), or combined.  Can you guys pass 
> some experience, ideas, thoughts on this ??
> 	Thank you so much. 
> 	Bing
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message