Registering Users 1

Status
Not open for further replies.

LeeGath

Programmer
Jun 3, 2002
13
GB
We are currently implementing a web interface whereby users register themselves; we return a one-time-only password with which they log in and set various security questions.

We have a potential issue where somebody could create a script to fire off thousands of user registrations from one machine and clog up our network. Is there something cute I could do with the log on? Or am I over-reacting and this isn't really an issue?

Thanks
 
That sounds like it would be disastrous to the "web interface" with one script... Is this a forum that you're talking about? Is there something that could block the client that they're using to run the scripts? Or am I totally wrong and you don't need a client to run scripts... Reach us at... ,Yang
 
If you're using IIS, I'd limit the submissions based on client IP. You can read the IP by using
Request.ServerVariables("REMOTE_HOST")
If you get more than, say, 100 requests (must allow for proxy servers, AOL etc.), disallow additional requests.
You can also do this with session variables; however, if they aren't accepting the cookie you would have to say "NO", you must accept cookies.

If you need more help just post; however, I would not be incredibly worried, as unless it's a bank site, you'll only get script kiddies who are pretty stupid to start with.

Hope that helps
 
Unfortunately it is a bank site although it is not a mainstream element and does not directly interface with say current accounts or savings accounts.

Although we are pretty confident the site is secure, because it requires manual authorisation, what we want to prevent is someone sending thousands of requests and slowing the site down. Someone once mentioned changing the tab order of the page so that a script wouldn't work properly. It's a fairly crude method and would probably annoy the genuine users, but I'm not sure of any other options.

I think you have probably confirmed my suspicion that we can get away without implementing a safeguard.

Thanks
 
One more thing you might want to consider is reading the referring URL on submission of the registration form; if it is not the page you have for this process, you could deny the request (you could also check that it is a POST request as well). This would probably kill any scripts, since a script would go directly for the processing page.

Good luck with your site
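
The checks suggested in the replies above (a per-IP submission cap, a POST-only rule and a referring-URL match), combined in one framework-neutral Python sketch; this is an added example, not code posted by anyone in the thread. The form URL, the one-hour window and the `RegistrationGate` name are assumptions, and because the Referer header is supplied by the client, that check only filters out naive scripts while the per-IP cap does the real limiting.

```python
import time
from collections import defaultdict, deque

# Assumed values for illustration; the thread only suggests "say 100" requests.
FORM_URL = "https://example.test/register.asp"  # hypothetical registration form page
MAX_PER_WINDOW = 100                            # generous, to allow for shared proxies
WINDOW_SECONDS = 3600                           # assumed window length


class RegistrationGate:
    """Decides whether a registration submission should be processed."""

    def __init__(self, limit=MAX_PER_WINDOW, window=WINDOW_SECONDS,
                 clock=time.monotonic):
        self.limit = limit
        self.window = window
        self.clock = clock
        # client IP -> timestamps of accepted submissions inside the window
        self.hits = defaultdict(deque)

    def check(self, method, referer, client_ip):
        """Return (allowed, reason) for one submission.

        client_ip is whatever the server reports for the connection, e.g.
        the value read from Request.ServerVariables("REMOTE_HOST") in the post.
        """
        if method.upper() != "POST":
            return False, "not-post"
        # Compare the referring page without its query string.
        if (referer or "").split("?", 1)[0] != FORM_URL:
            return False, "bad-referer"
        now = self.clock()
        seen = self.hits[client_ip]
        # Drop timestamps that have aged out of the sliding window.
        while seen and now - seen[0] >= self.window:
            seen.popleft()
        if len(seen) >= self.limit:
            return False, "rate-limited"
        seen.append(now)
        return True, "ok"


if __name__ == "__main__":
    gate = RegistrationGate(limit=3, window=60)
    # Constructed sample: four submissions from one documentation-range address.
    for _ in range(4):
        print(gate.check("POST", FORM_URL, "203.0.113.7"))
```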


 