slightly [OT] : online DB protection question
jbv.silences at club-internet.fr
Mon Feb 11 12:36:03 EST 2008
I'm working on a promotional online B-to-B web game for a client, using
Rev as cgi engine.
In a few words here's how it works : players have to register first and
to find several clues in successive images. Finding those clues is
pretty easy and
we expect the number of winners to be pretty large; therefore a limited
winners will finally be randomly choosen among those who found all the
Here's my question : in order to prevent ppl to register hundreds of
or simply to hinder hackers to send large amounts of automatic cgi
requests and to
clutter mySQL tables with useless registrations, I've been asked to
think about some
So far, the best idea I came with is to deny access to mySQL to more
than 10 requests
from the same IP within the last minute (several ppl in a same
corporation can play
simultaneously and thus will be viewed as the same ip by the server, and
of course none of
them should be denied access to the game).
This can be easily done and won't slow down the scripts at all. Of
course, both "10 requests"
and "last minute" can be adjusted...
I was wondering what you guys are thinking of this approach, and if
anyone has managed
to develop a more efficient strategy in a similar context...
Thanks in advance for your suggestions,
More information about the Use-livecode