开发者

Prevent Spam on RESTful JSON Webservice

开发者 https://www.devze.com 2023-03-31 16:24 出处:网络
I have a webservice implemented in grails to deal with POSTs from a GWT client. If the user logges in he also could access as well the webservice without GWT just over the browser.

I have a webservice implemented in grails to deal with POSTs from a GWT client. If the user logges in he also could access as well the webservice without GWT just over the browser.

My question is now how can I secure it in a way that its not 开发者_StackOverflow社区possible to spam my webservice with e.g. 1000 new entries just by stress my webservice with a specific posts(maybe over a loop) when logged in?

Same is also for Android clients or if I grant other developers to my webservice and they could POST thousands of data into my webservice.

Is there already a mechanism I can use?

Thanks for your help


Users of this REST api need to be tied to an API key. A cryptographic nonce is usually the tool of choice. In order to be issued this key the user should be required to solve a captcha. Each API key should be limited to a specific number of requests. If the user is sending to many requests, then you should prompt them with a captcha (Which could be an error response to a REST request).

But in order to enforce this rule then you have to keep server-side state on each client, and there for this would not be RESTful. In short, what you are asking is not simply possible with REST.

0

精彩评论

暂无评论...
验证码 换一张
取 消