How to secure a gallery with a voting feature
I plan to prepare a gallery (in PHP) with a voting option. However, I've got security problems and do not know how to resolve them.
I would like it to be possible to vote only one time per 24 hours. I tried to use IP address verification, but depending on the ISP it may change after reconnection. Cookies can be removed from the computer.
I considered another approach: sending an email to the person with a link that they click to vote. That would be saved in the db with a 24-hour restriction for IP address and email address.
Unfortunately these options do not give a guarantee. Do you have any more security tips? Would you advise something else?
PS: A CAPTCHA seems nice, but users may not want to vote while experiencing any difficulties.
Comments (2)
Why not allow voting only for registered users?
This can be achieved through obscurity. As Subdigger and Oltarus stated, allowing only registered users to vote is the only real way.
Most automated polling code only submits to the form directly. You can set a cookie and record the user activity to see if they actually visit the polling page before submitting.
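The two answers above combined into one server-side check, as an added example that is not part of the original thread: votes are tied to a registered account with a 24-hour window, and a signed form token stands in for the cookie-plus-activity-log check that the voting page was loaded before the submit. All function names, the `SECRET` placeholder, the 15-minute token lifetime and the in-memory array (in place of a database table) are assumptions.

```php
<?php
declare(strict_types=1);
// All names are hypothetical; SECRET is a placeholder for a random server-side key.
const SECRET = 'replace-with-random-server-side-key';
const TOKEN_TTL = 900;      // a page token is honoured for 15 minutes
const VOTE_WINDOW = 86400;  // one vote per account per 24 hours

// Called while rendering the voting page; the result goes into a hidden form field.
// Account ids are assumed to be numeric (no '|' characters).
function issuePageToken(string $userId, int $now): string
{
    $payload = $userId . '|' . $now . '|' . bin2hex(random_bytes(8));
    return base64_encode($payload) . '.' . hash_hmac('sha256', $payload, SECRET);
}

// True only if this server issued the token, for this account, within TOKEN_TTL.
function pageTokenValid(string $token, string $userId, int $now): bool
{
    $parts = explode('.', $token);
    $payload = count($parts) === 2 ? base64_decode($parts[0], true) : false;
    if ($payload === false
        || !hash_equals(hash_hmac('sha256', $payload, SECRET), $parts[1])) {
        return false;
    }
    [$uid, $issued] = explode('|', $payload);
    $age = $now - (int) $issued;
    return $uid === $userId && $age >= 0 && $age <= TOKEN_TTL;
}

// $lastVote maps account id => time of the last accepted vote (stands in for a DB table).
function castVote(array &$lastVote, string $userId, string $token, int $now): string
{
    if (!pageTokenValid($token, $userId, $now)) {
        return 'rejected: form was not loaded from the voting page';
    }
    if (isset($lastVote[$userId]) && $now - $lastVote[$userId] < VOTE_WINDOW) {
        return 'rejected: already voted in the last 24 hours';
    }
    $lastVote[$userId] = $now;
    return 'accepted';
}

// Constructed sample run for account "42"; timestamps are arbitrary.
$votes = [];
$t0 = 1700000000;
echo castVote($votes, '42', issuePageToken('42', $t0), $t0 + 5), PHP_EOL;      // normal page visit
echo castVote($votes, '42', 'forged.token', $t0 + 6), PHP_EOL;                 // direct POST, no page load
echo castVote($votes, '42', issuePageToken('42', $t0 + 3600), $t0 + 3605), PHP_EOL;   // one hour later
echo castVote($votes, '42', issuePageToken('42', $t0 + 86400), $t0 + 86410), PHP_EOL; // next day
```

The token only filters scripts that post straight to the form handler; the per-account window is what enforces the 24-hour limit.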