Probably best thing would be to have accounts...
On Nov 29, 12:27 am, Julien Phalip <[EMAIL PROTECTED]> wrote: > Hi, > > I'm building a rating app, so people can rate any kind of object (e.g. > a video, a news entry, etc.). The rating is done anonymously (there's > no user account on that site) and via an Ajax query. The view > currently only takes one parameter, the rating value (a float), so I > don't think I can use something like Akismet. > > To prevent multiple ratings by the same person, a flag is set in the > session. Obviously it means that the person can rate again if she uses > a different browser or if the session expires, but that's not a big > issue. > > Now, what worries me is potential spam attacks. How can I identify if > the request is from a genuine person or a bot? I started implementing > a system which records IP addresses and prevents anybody to rate twice > from the same IP within a given short time. But if genuine persons are > behind a proxy, IP uniqueness cannot be guaranteed and they may be all > mistaken for a bot. > > Are there some algorithms in Django to cope with this kind of > situations? Maybe passing some kind of key protection in the URL? > > Thanks a lot, > > Julien --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~----------~----~----~----~------~----~------~--~---