From: "Tim Moore"
To: "Tomcat Users List"
Subject: RE: how to block
Date: Thu, 6 Feb 2003 13:22:18 -0500

Check out the "synchronizer token" pattern from Core J2EE Patterns. In a
nutshell, you provide the form with a unique one-time-use token that it
submits with the form. The form submission handler checks to see if that
token has been submitted before, and if so, rejects the request. Struts
includes an implementation of this pattern; check out the generateToken
and isTokenValid methods on Action.

Additionally, it's not too hard to write JavaScript that will disable a
submit button after it is clicked.

--
Tim Moore / Blackboard Inc. / Software Engineer
1899 L Street, NW / 5th Floor / Washington, DC 20036
Phone 202-463-4860 ext. 258 / Fax 202-463-4863

> -----Original Message-----
> From: Bing Zhang [mailto:BZhang@7thonline.com]
> Sent: Thursday, February 06, 2003 1:10 PM
> To: 'Tomcat Users List'
> Cc: Dan Yin; Jimmy Wu; Daniel Ruiz
> Subject: how to block
>
>
> Hi all:
>
> I have one problem right now, which many people here on
> the list should have already experienced.
>
> For example, some post from browser take some time on
> the server side (servlet code) to process. Often times
> impatient user will click multiple times on the "submit"
> button, or "malicious" user will hold "Enter" key to request
> it million times. What's going to happen on the server side
> is: multiple threads onto the same servlet would be launched
> and resources would be used up, like connections, and CPU
> processing time.
>
> So what's a general approach to prevent this?? No
> matter the solution is on the client side (HTML/JavaScript),
> the server side (servlet/JSP), or combined. Can you guys pass
> some experience, ideas, thoughts on this??
>
> Thank you so much.
>
> Bing
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
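
The synchronizer token check described in the reply above, as an added example in plain Java (not code from the thread, from Struts, or from Core J2EE Patterns). The class and method names are hypothetical and it assumes one instance is kept per user session; main fires a constructed burst of concurrent submits that all carry the same token.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Set;
import java.util.concurrent.*;
import java.util.concurrent.atomic.AtomicInteger;

// Added illustration: per-session store of one-time form tokens (hypothetical names).
public class SynchronizerTokenDemo {
    private static final SecureRandom RNG = new SecureRandom();
    // Tokens issued to this session and not yet redeemed.
    private final Set<String> outstanding = ConcurrentHashMap.newKeySet();

    // Called while rendering the form; the value goes into a hidden field.
    public String issue() {
        byte[] raw = new byte[16];
        RNG.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        outstanding.add(token);
        return token;
    }

    // Called first in the submission handler, before any expensive work.
    // remove() checks and invalidates in one atomic step, so of N concurrent
    // posts carrying the same token exactly one gets true. A contains() call
    // followed by a separate remove() would let a double click through twice.
    public boolean redeem(String submitted) {
        return submitted != null && outstanding.remove(submitted);
    }

    public static void main(String[] args) throws Exception {
        SynchronizerTokenDemo session = new SynchronizerTokenDemo();
        String token = session.issue();
        int clicks = 50; // constructed burst of repeated submits of one form
        AtomicInteger accepted = new AtomicInteger();
        CountDownLatch start = new CountDownLatch(1);
        ExecutorService pool = Executors.newFixedThreadPool(clicks);
        for (int i = 0; i < clicks; i++) {
            pool.submit(() -> {
                start.await(); // release all submits together
                if (session.redeem(token)) accepted.incrementAndGet();
                return null;
            });
        }
        start.countDown();
        pool.shutdown();
        pool.awaitTermination(5, TimeUnit.SECONDS);
        System.out.println("accepted=" + accepted.get() + " of " + clicks);
        System.out.println("never-issued token accepted: " + session.redeem("not-issued"));
    }
}
```

In a servlet the store would hang off the session object, and the rejected requests return immediately instead of tying up connections and CPU on the slow path.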