Beefy Boxes and Bandwidth Generously Provided by pair Networks
Problems? Is your data what you think it is?

Re: How to stop web interface bypassing?

by philcrow (Priest)
on Mar 25, 2008 at 15:03 UTC ( #676136=note: print w/replies, xml ) Need Help??

in reply to How to stop web interface bypassing?

On behalf of everyone who has needed to automatically interface with a browser only web service, let me urge you to at least consider letting people use their own tools to hit your service. This is especially important if there is some business to business relationship involved. Please do not think that your business partners should hire staff to surf your site. That just makes it harder for those of us who must do it automatically, because we cannot afford the staff, to fool you.

Rather, think about the problems and address them. It is never safe to assume that the client in a web interaction is feeding you safe data. You must validate it on the server, even if you have client side validation for the benefit of manual users. If certain people are overloading your site, protect it from them in some way. Perhaps simply by dumping anyone who feeds invalid data.

Every system you use to try to force people to use a browser manually can, and will, be spoofed, since the protocols are fixed and the browsers are well known. You'll have to protect yourself in some other way anyway. This is not an easy problem as you can see from all the captchas and other schemes people try to use to limit spam bots. If the users in question are genuine I would try to accommodate them, not ban them.


The Gantry Web Framework Book is now available.
  • Comment on Re: How to stop web interface bypassing?

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://676136]
[tobyink]: Why are you returning $_ n your grep block? You should return a boolean.
[tobyink]: *in your grep block
[tobyink]: You can use grep { $_ =~ /.*$in.*/; } @my_modules but why not stick to grep(/.*$in.*/, @my_modules)? (The latter is faster.)
[shmem]: Lady_Aleena, in the first example grep evaluates the result from grep and if true, returns $_. In the second, it always returns $_
[shmem]: ..the result from the pattern match
[Lady_Aleena]: tobyink, I did after I failed to get the BLOCK to work. I can't seem to get my brain around grep BLOCK, though I'm okay with grep EXPR.
[shmem]: so in the second example grep returns all true elements of the list passed
[Lady_Aleena]: Okay, so grep BLOCK is not like map BLOCK where something might need to be returned at the end.
[tobyink]: grep { $_ =~ /.*$in.*/; } @my_modules should work just fine. The problem is that you were adding on ;$_ at the end of the block. Why were you doing that?
[Lady_Aleena]: tobyink, I was thinking map.

How do I use this? | Other CB clients
Other Users?
Others musing on the Monastery: (7)
As of 2017-05-27 07:42 GMT
Find Nodes?
    Voting Booth?