I have a webservice implemented in grails to deal with POSTs from a GWT client. If the user logges in he also could access as well the webservice without GWT just over the browser.
My question is now how can I secure it in a way that its not 开发者_StackOverflow社区possible to spam my webservice with e.g. 1000 new entries just by stress my webservice with a specific posts(maybe over a loop) when logged in?
Same is also for Android clients or if I grant other developers to my webservice and they could POST thousands of data into my webservice.
Is there already a mechanism I can use?
Thanks for your help
Users of this REST api need to be tied to an API key. A cryptographic nonce is usually the tool of choice. In order to be issued this key the user should be required to solve a captcha. Each API key should be limited to a specific number of requests. If the user is sending to many requests, then you should prompt them with a captcha (Which could be an error response to a REST request).
But in order to enforce this rule then you have to keep server-side state on each client, and there for this would not be RESTful. In short, what you are asking is not simply possible with REST.
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论