Beefy Boxes and Bandwidth Generously Provided by pair Networks
Keep It Simple, Stupid
 
PerlMonks  

Re: How to stop web interface bypassing?

by philcrow (Priest)
on Mar 25, 2008 at 15:03 UTC ( #676136=note: print w/ replies, xml ) Need Help??


in reply to How to stop web interface bypassing?

On behalf of everyone who has needed to automatically interface with a browser only web service, let me urge you to at least consider letting people use their own tools to hit your service. This is especially important if there is some business to business relationship involved. Please do not think that your business partners should hire staff to surf your site. That just makes it harder for those of us who must do it automatically, because we cannot afford the staff, to fool you.

Rather, think about the problems and address them. It is never safe to assume that the client in a web interaction is feeding you safe data. You must validate it on the server, even if you have client side validation for the benefit of manual users. If certain people are overloading your site, protect it from them in some way. Perhaps simply by dumping anyone who feeds invalid data.

Every system you use to try to force people to use a browser manually can, and will, be spoofed, since the protocols are fixed and the browsers are well known. You'll have to protect yourself in some other way anyway. This is not an easy problem as you can see from all the captchas and other schemes people try to use to limit spam bots. If the users in question are genuine I would try to accommodate them, not ban them.

Phil

The Gantry Web Framework Book is now available.


Comment on Re: How to stop web interface bypassing?

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://676136]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others chilling in the Monastery: (8)
As of 2014-07-25 04:01 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    My favorite superfluous repetitious redundant duplicative phrase is:









    Results (167 votes), past polls