On 11/06/2003 14:15 Denis Avdic wrote:
What our site is basically about is that people can access some information retrieved from a database. This person registered and basically went and accessed all of the profiles stored on our server, sequentialy, using an automated process (2 per second). This was in violation of our acceptable use policy. My question is what do people use if something like this happens, or how do they handle any other intrusions on all other levels.
Maybe you could limit the number of times per minute the user can execute actions. Store some kind of "time of last request" object in the user's session and if the last action was less that x seconds ago then just sleep for a while. --
Paul Thomas
+------------------------------+---------------------------------------------+
| Thomas Micro Systems Limited | Software Solutions for the Smaller Business |
| Computer Consultants | http://www.thomas-micro-systems-ltd.co.uk |
+------------------------------+---------------------------------------------+
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
