我需要实现一个匿名投票系统(用户注册是不行的)。我决定最好的选择是将单个项目的投票限制为每个 IP 10 个(以考虑学校等)。
解决这个问题的最佳方法是什么。我正在使用 PHP + MySQL。在高峰时段,每秒最多可能有 20 张选票。我正在使用带有专用 MySQL 服务器的负载平衡前端。
我担心的是每次投票都在数据库中插入一行,然后查询该数据以查看它们是否已达到限制,服务器可能无法处理?
看看MongoDB或其他东西会更好吗?
还有其他想法吗?
问问题
1863 次
6 回答
4
我建议将“投票”状态保存在 cookie 中。这将允许整个学校和办公室进行投票。每个 IP 做 10 次将允许一个地址的单个用户投票 10 次。
显然有一些方法可以解决它,比如清除 cookie 等,但我认为这是一个不错的选择。
于 2011-07-16T16:02:00.283 回答
3
我认为键/值数据库在这里会更好。
此外,您不需要为每张选票都排,每个 IP 只需要 1 行并使用 LIKE 查询
INSERT INTO .. ON DUPLICATE KEY UPDATE
于 2011-07-16T16:06:13.340 回答
2
我需要实现一个匿名投票系统(用户注册是不行的)
IP 不是解决这个问题的方法,因为很多公司/学校只有数千人映射到几个 IP 地址。如果您不希望用户因为匿名投票而登录,我建议您使用 CAPTCHA(recaptcha) 来保护大众投票,因为所有其他技术都可以被熟练的程序员绕过。甚至有可能伪造 IP 地址。我相信在许多 Linux 发行版中,您可以轻松地欺骗 IP。
alfred@alfred-laptop:~/bash$ apt-cache search ^fake$
fake - IP address takeover tool
http://en.wikipedia.org/wiki/IP_address_spoofing#Defense_against_spoofing:
还建议设计网络协议和服务,使它们不依赖 IP 源地址进行身份验证。
但是一个熟练的程序员不能绕过像recaptcha这样经过良好测试的验证码。投票有点困难,但在我看来,这是对抗假投票的唯一方法。验证码也不能使投票系统不受错误投票的影响。制作这样一个系统的唯一方法是使用身份验证。保留允许投票的用户(身份)列表。
解决这个问题的最佳方法是什么。我正在使用 PHP + MySQL。在高峰时段,每秒最多可能有 20 张选票。
这甚至不会让Redis出汗,因为它非常快。
Redis 是一个开源的高级键值存储。它通常被称为数据结构服务器,因为键可以包含字符串、散列、列表、集合和排序集合。
首先是我的系统信息。我喜欢它,但它已经很旧了。
-Computer-
Processor : 2x Intel(R) Core(TM)2 Duo CPU T7100 @ 1.80GHz
Memory : 2051MB (1403MB used)
Operating System : Ubuntu 10.10
User Name : alfred (alfred)
Date/Time : Sat 16 Jul 2011 07:53:20 PM CEST
-Display-
Resolution : 1280x800 pixels
OpenGL Renderer : Unknown
X11 Vendor : The X.Org Foundation
-Multimedia-
Audio Adapter : HDA-Intel - HDA Intel
-Input Devices-
Power Button
Lid Switch
Sleep Button
Power Button
AT Translated Set 2 keyboard
Dell Dell USB Keyboard
Logitech Trackball
PS/2 Logitech Wheel Mouse
Video Bus
-Printers (CUPS)-
Canon-MP150 : <i>Default</i>
HP-Photosmart-b110
-SCSI Disks-
HL-DT-ST DVDRAM GSA-T20N
ATA WDC WD1600BEVS-2
接下来我要对我的 redis 服务器进行基准测试:
alfred@alfred-laptop:~/database/redis-2.2.0-rc4/src$ ./redis-server --version
Redis server version 2.1.12 (00000000:0)
alfred@alfred-laptop:~/database/redis-2.2.0-rc4/src$ ./redis-benchmark
====== PING (inline) ======
10000 requests completed in 0.23 seconds
50 parallel clients
3 bytes payload
keep alive: 1
94.11% <= 1 milliseconds
97.77% <= 2 milliseconds
98.97% <= 3 milliseconds
99.02% <= 4 milliseconds
99.51% <= 6 milliseconds
99.88% <= 7 milliseconds
100.00% <= 7 milliseconds
44052.86 requests per second
====== PING ======
10000 requests completed in 0.23 seconds
50 parallel clients
3 bytes payload
keep alive: 1
87.97% <= 1 milliseconds
97.44% <= 2 milliseconds
98.83% <= 3 milliseconds
99.41% <= 4 milliseconds
99.51% <= 5 milliseconds
99.70% <= 6 milliseconds
100.00% <= 6 milliseconds
43478.26 requests per second
====== MSET (10 keys) ======
10000 requests completed in 0.37 seconds
50 parallel clients
3 bytes payload
keep alive: 1
11.02% <= 1 milliseconds
82.00% <= 2 milliseconds
93.94% <= 3 milliseconds
97.18% <= 4 milliseconds
98.17% <= 5 milliseconds
98.89% <= 6 milliseconds
99.44% <= 7 milliseconds
99.51% <= 9 milliseconds
99.52% <= 10 milliseconds
100.00% <= 10 milliseconds
26881.72 requests per second
====== SET ======
10000 requests completed in 0.24 seconds
50 parallel clients
3 bytes payload
keep alive: 1
86.50% <= 1 milliseconds
96.08% <= 2 milliseconds
97.45% <= 3 milliseconds
97.87% <= 4 milliseconds
99.02% <= 5 milliseconds
99.51% <= 6 milliseconds
99.52% <= 7 milliseconds
100.00% <= 7 milliseconds
40983.61 requests per second
====== GET ======
10000 requests completed in 0.23 seconds
50 parallel clients
3 bytes payload
keep alive: 1
86.06% <= 1 milliseconds
97.51% <= 2 milliseconds
98.89% <= 3 milliseconds
99.65% <= 4 milliseconds
100.00% <= 4 milliseconds
42553.19 requests per second
====== INCR ======
10000 requests completed in 0.23 seconds
50 parallel clients
3 bytes payload
keep alive: 1
90.72% <= 1 milliseconds
96.92% <= 2 milliseconds
98.12% <= 3 milliseconds
98.33% <= 4 milliseconds
99.27% <= 5 milliseconds
99.51% <= 7 milliseconds
100.00% <= 7 milliseconds
43103.45 requests per second
====== LPUSH ======
10000 requests completed in 0.23 seconds
50 parallel clients
3 bytes payload
keep alive: 1
87.92% <= 1 milliseconds
96.35% <= 2 milliseconds
98.26% <= 3 milliseconds
99.51% <= 7 milliseconds
100.00% <= 7 milliseconds
42735.04 requests per second
====== LPOP ======
10000 requests completed in 0.24 seconds
50 parallel clients
3 bytes payload
keep alive: 1
87.75% <= 1 milliseconds
96.67% <= 2 milliseconds
97.77% <= 3 milliseconds
98.64% <= 4 milliseconds
98.65% <= 5 milliseconds
99.80% <= 6 milliseconds
100.00% <= 6 milliseconds
41841.00 requests per second
====== SADD ======
10000 requests completed in 0.23 seconds
50 parallel clients
3 bytes payload
keep alive: 1
89.55% <= 1 milliseconds
96.56% <= 2 milliseconds
97.80% <= 3 milliseconds
98.76% <= 4 milliseconds
99.50% <= 5 milliseconds
99.63% <= 6 milliseconds
100.00% <= 6 milliseconds
42553.19 requests per second
====== SPOP ======
10000 requests completed in 0.25 seconds
50 parallel clients
3 bytes payload
keep alive: 1
88.12% <= 1 milliseconds
96.21% <= 2 milliseconds
97.45% <= 3 milliseconds
97.99% <= 4 milliseconds
98.53% <= 5 milliseconds
99.51% <= 6 milliseconds
100.00% <= 6 milliseconds
40322.58 requests per second
====== LPUSH (again, in order to bench LRANGE) ======
10000 requests completed in 0.24 seconds
50 parallel clients
3 bytes payload
keep alive: 1
89.41% <= 1 milliseconds
96.05% <= 2 milliseconds
97.76% <= 3 milliseconds
98.76% <= 4 milliseconds
99.01% <= 5 milliseconds
99.51% <= 7 milliseconds
99.96% <= 8 milliseconds
100.00% <= 8 milliseconds
42016.81 requests per second
====== LRANGE (first 100 elements) ======
10000 requests completed in 0.40 seconds
50 parallel clients
3 bytes payload
keep alive: 1
11.56% <= 1 milliseconds
76.23% <= 2 milliseconds
91.93% <= 3 milliseconds
94.47% <= 4 milliseconds
97.80% <= 5 milliseconds
99.23% <= 6 milliseconds
99.87% <= 9 milliseconds
100.00% <= 9 milliseconds
24937.66 requests per second
====== LRANGE (first 300 elements) ======
10000 requests completed in 0.86 seconds
50 parallel clients
3 bytes payload
keep alive: 1
2.28% <= 1 milliseconds
10.90% <= 2 milliseconds
35.68% <= 3 milliseconds
63.74% <= 4 milliseconds
86.00% <= 5 milliseconds
92.65% <= 6 milliseconds
94.96% <= 7 milliseconds
97.50% <= 8 milliseconds
98.04% <= 9 milliseconds
98.75% <= 10 milliseconds
99.56% <= 11 milliseconds
99.96% <= 12 milliseconds
100.00% <= 12 milliseconds
11682.24 requests per second
====== LRANGE (first 450 elements) ======
10000 requests completed in 1.15 seconds
50 parallel clients
3 bytes payload
keep alive: 1
1.13% <= 1 milliseconds
6.20% <= 2 milliseconds
10.38% <= 3 milliseconds
27.37% <= 4 milliseconds
53.45% <= 5 milliseconds
74.60% <= 6 milliseconds
89.41% <= 7 milliseconds
95.40% <= 8 milliseconds
98.04% <= 9 milliseconds
98.98% <= 10 milliseconds
99.46% <= 11 milliseconds
99.58% <= 12 milliseconds
99.73% <= 13 milliseconds
99.87% <= 14 milliseconds
100.00% <= 14 milliseconds
8695.65 requests per second
====== LRANGE (first 600 elements) ======
10000 requests completed in 1.45 seconds
50 parallel clients
3 bytes payload
keep alive: 1
0.52% <= 1 milliseconds
6.23% <= 2 milliseconds
10.67% <= 3 milliseconds
16.37% <= 4 milliseconds
27.51% <= 5 milliseconds
46.06% <= 6 milliseconds
60.82% <= 7 milliseconds
79.70% <= 8 milliseconds
90.96% <= 9 milliseconds
96.01% <= 10 milliseconds
97.99% <= 11 milliseconds
99.43% <= 12 milliseconds
99.90% <= 13 milliseconds
100.00% <= 13 milliseconds
6896.55 requests per second
incr操作是您需要的,并且您可以看到我的系统可以处理43103.45 requests per second。
看看MongoDB或其他东西会更好吗?
如上所示,我会推荐redis。
于 2011-07-16T18:13:49.860 回答
1
只需确保您索引 IP 字段,并考虑将其表示为字符串以外的其他内容(例如整数)。有关详细信息,请参见此处:http: //daipratt.co.uk/mysql-store-ip-address/
此外,adlawson 的 cookie 创意很好。您可以同时使用这两者,或者让 IP 地址向您触发警报,您可以在其中进入某个管理屏幕并确定这些 IP 是否看起来像是试图欺骗系统的人而不是学校。
关于 ipv6 的更新:关于当前的虚拟主机,我对 ipv6 没有太多了解,所以不确定是否有专门使用 ipv6 的用户。如果是这样,您可以考虑这些帖子中提出的一些关于如何存储它们的想法:
于 2011-07-16T16:05:41.173 回答
1
您所描述的负载平衡应该没问题。一个专用的 MySQL 服务器不应该有任何查询率的问题。我认为 MongoDB 不会帮助解决这样的问题。像 memcached 这样的东西性能要高得多,但您仍然需要在某些时候将数据发送到更持久的 MySQL DB。
我同意 adlawston 使用 cookie 的观点。您仍然可以拥有可以从单个 IP 投出的票数上限
于 2011-07-16T16:08:18.147 回答
1
10是一个完全任意的值,并且不会考虑在一个面向公众的 IPv4 地址后面可能有数百甚至数千人的办公室。更不用说你可能允许个人投票十次。
显然,这不是一个稳健或适合用途的解决方案。
找到另一种唯一识别人员的方法。
于 2011-07-16T18:50:47.267 回答