slightly [OT] : online DB protection question

jbv jbv.silences at club-internet.fr
Mon Feb 11 11:36:03 CST 2008


Hi list,

I'm working on a promotional online B-to-B web game for a client, using Rev as cgi engine.
In a few words, here's how it works: players have to register first and then need to find several clues in successive images. Finding those clues is pretty easy and we expect the number of winners to be pretty large; therefore a limited set of winners will finally be randomly chosen among those who found all the clues.

Here's my question: in order to prevent ppl from registering hundreds of times automatically, or simply to hinder hackers from sending large amounts of automatic cgi requests and cluttering mySQL tables with useless registrations, I've been asked to think about some protection.

So far, the best idea I came up with is to deny access to mySQL to more than 10 requests from the same IP within the last minute (several ppl in the same corporation can play simultaneously and thus will be viewed as the same IP by the server, and of course none of them should be denied access to the game).
This can be easily done and won't slow down the scripts at all. Of course, both "10 requests" and "last minute" can be adjusted...

I was wondering what you guys think of this approach, and if anyone has managed to develop a more efficient strategy in a similar context...

Thanks in advance for your suggestions,
JB
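
The per-IP limit described in the post (at most 10 requests from one IP within the last minute), as an added example that is not part of the original message. It is written in Python with an in-memory SQLite table standing in for the MySQL database; the table name `request_log`, the function names and the sample IPs are assumptions.

```python
import sqlite3

LIMIT = 10    # "10 requests" from the post; adjustable
WINDOW = 60   # "last minute", in seconds; adjustable

def open_db():
    # In-memory SQLite stands in for the game's MySQL database (assumption).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE request_log (ip TEXT NOT NULL, ts REAL NOT NULL)")
    conn.execute("CREATE INDEX idx_ip_ts ON request_log (ip, ts)")
    return conn

def allow_request(conn, ip, now, limit=LIMIT, window=WINDOW):
    """Return True if this request may go on to the registration tables."""
    cutoff = now - window
    with conn:  # one transaction: prune old rows, count, record
        conn.execute("DELETE FROM request_log WHERE ts <= ?", (cutoff,))
        (count,) = conn.execute(
            "SELECT COUNT(*) FROM request_log WHERE ip = ? AND ts > ?",
            (ip, cutoff),
        ).fetchone()
        if count >= limit:
            # Denied requests are not logged, so a flood cannot grow this table.
            return False
        conn.execute("INSERT INTO request_log (ip, ts) VALUES (?, ?)", (ip, now))
        return True

def simulate(events):
    """events: list of (ip, timestamp) pairs -> list of allow/deny decisions."""
    conn = open_db()
    return [allow_request(conn, ip, ts) for ip, ts in events]

# Constructed sample traffic (documentation-range IPs, not real hosts):
# a script sending 15 requests in 1.5 s, and 4 players sharing one office IP.
BOT = [("203.0.113.7", 1000.0 + i * 0.1) for i in range(15)]
OFFICE = [("198.51.100.20", 1000.0 + i * 5) for i in range(4)]

if __name__ == "__main__":
    print("bot:   ", simulate(BOT))
    print("office:", simulate(OFFICE))
```

The timestamp is passed in rather than read from the clock so the window can be tested; in a CGI script it would be the server's current time.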