问题描述
我有一个站点,用户可以使用AJAX向名为like.php
的文件提交消息.在此文件中,将用户消息提交到数据库,然后将链接发送回用户.在我的Javascript代码中,我禁用了用户在提交AJAX请求时键入的文本框.
I have a site where a user submits a message using AJAX to a file called like.php
. In this file the users message is submitted to a database and it then sends a link back to the user. In my Javascript code I disabled the text box the user types into when they submit the AJAX request.
唯一的问题是,恶意用户可以不断向like.php
发送POST请求并淹没我的数据库.因此,我想实施简单的防洪保护.
The only problem is, a malicious user can just constantly send POST requests to like.php
and flood my database. So I would like to implement simple flood protection.
我真的不想让另一个数据库表记录用户IP的麻烦,例如……好像他们正在泛滥我的网站一样,会有很多数据库读/写操作会减慢它的速度.我考虑过使用会话,例如有一个包含时间戳的会话,该会话在每次将数据发送到like.php
时都会进行检查,如果当前时间在时间戳之前,则让他们将数据添加到数据库,否则发送错误并阻止他们.如果允许他们在数据库中输入内容,请使用新的时间戳更新其会话.
I don't really want the hassle of another database table logging users IPs and such... as if they are flooding my site there will be a lot of database read/writes slowing it down. I thought about using sessions, like have a session that contains a timestamp that gets checked every time they send data to like.php
, and if the current time is before the timestamp let them add data to the database, otherwise send out an error and block them. If they are allowed to enter something into the database, update their session with a new timestamp.
您怎么看?这是最好的方法还是有更简单的替代方法?
What do you think? Would this be the best way to go about it or are there easier alternatives?
感谢您的帮助. :)
推荐答案
使用令牌.您生成令牌并将其添加到发起请求的页面中.在like.php
中,您验证该请求包含有效的令牌,这意味着该请求来自您的页面,而不是直接来自外部的POST.
Use a token. You generate the token and add it to the page originating the request. In like.php
you verify that the request contains a valid token, which means it comes from your page instead of an external one POSTing directly.
这篇关于快速简便的防洪保护?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!