Browser Request vs Tool Request

 
Ranch Hand
There is a page which does not need any sign-in to be accessed. That means one can directly hit the URL and see that page. When that page is loaded, it loads a video and, using Ajax, makes a request to the server to increment the view count of the video. Again, if somebody uses something like "firebug", he can see the URL for the request.

The problem is anybody can use a load test tool to mimic the request and increase the video view count, without actually viewing it.

Is there a way to make sure that the request comes from inside a browser and not some tool?
Or, how do you suggest to solve this?

Thanks
 
author
There is nothing you can do. Anyone that uses a proxy tool such as Fiddler can also see the requests and call them.

Eric
 
Mishra Anshu
Ranch Hand
Thanks, Eric!
I think so too. By the way, is there a way in AJAX to set some request attribute (not parameters, which can be mimicked) value before calling the server URL? If yes, then the server code can find it and increment the count.
 
Marshal
There is nothing you can do. Any request that can be sent via AJAX can also be sent via one of those tools.
 
Rancher
Why isn't the counter triggered on the server by downloading the video?
 
Mishra Anshu
Ranch Hand
Because people normally don't watch the whole video. If the counting mechanism is invoked after downloading the video, the view count will be too low.
 
(instanceof Sidekick)
Generate a random token on the page, send it along with the AJAX request, only accept it once on the server?
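
The single-use token suggested in the post above, shown as an added server-side example in Node.js (not code from anyone in this thread). As the earlier replies note, a tool can still fetch the page and spend its token once, so this ties each count to one page load rather than proving a browser sent the request. The function names, the in-memory `Map` stores and the 10-minute lifetime are assumptions.

```javascript
// Added example: single-use view tokens. All names here are hypothetical.
const { randomBytes } = require('crypto');

const TOKEN_TTL_MS = 10 * 60 * 1000; // assumed token lifetime: 10 minutes
const pending = new Map();           // token -> { videoId, expires }
const viewCounts = new Map();        // videoId -> count

// Called while rendering the video page; the token is embedded in the page
// and sent back by the Ajax "count this view" request.
function issueViewToken(videoId, now = Date.now()) {
  const token = randomBytes(32).toString('hex'); // 256 bits, unguessable
  pending.set(token, { videoId, expires: now + TOKEN_TTL_MS });
  return token;
}

// Called by the Ajax endpoint. Returns true only if the view was counted.
function redeemViewToken(token, videoId, now = Date.now()) {
  const entry = pending.get(token);
  if (!entry) return false;               // unknown token, or already spent
  pending.delete(token);                  // consume first: no second attempt
  if (entry.expires < now) return false;  // token is too old
  if (entry.videoId !== videoId) return false; // issued for another video
  viewCounts.set(videoId, (viewCounts.get(videoId) || 0) + 1);
  return true;
}

function getViewCount(videoId) {
  return viewCounts.get(videoId) || 0;
}

// Run periodically so tokens from pages that never sent the Ajax call
// do not accumulate in memory. Returns how many entries were dropped.
function purgeExpired(now = Date.now()) {
  let removed = 0;
  for (const [token, entry] of pending) {
    if (entry.expires < now) {
      pending.delete(token);
      removed++;
    }
  }
  return removed;
}
```

Pairing token issuance with a per-client rate limit on page loads is what bounds how fast the count can be inflated.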
 