0

I am building a web application that allows users to send messages to other users. On the send message page I currently have the user id of the receiver in the URL so the application knows where to send the message i.e. example.com/send-message/user-id/1. The user id is the primary key used to identify the receiver in the database

I am concerned that spammers could go to this page and just keep changing the user id in the URL and spam people on the site very quickly.

The solution I have come up with is to make a long unique id (123154123412). This number will be stored in the user database row and would be used instead of the primary key on the send message page so that a spammer could not easily spam lots of people by changing the id.

Are there any potential problems with this approach that I may have over looked?

If I was to use the unique id throughout the site would it slow the site down significantly. In other words is it quicker to search the database using a primary key than a generated unique id.

Thanks

4

3 回答 3

1

您可以做的另一件事是在会话或 IP 地址在短时间内发送过多消息时暂时阻止它们(例如,消息之间间隔 1 分钟,每 15 分钟最多 5 条消息)。

于 2011-11-29T13:36:56.263 回答
0

这种方法是绝对没用的。

只要您网站的用户允许向其他用户发送消息,垃圾邮件发送者就会使用您发明的任何 ID。

唯一的方法是限制每小时的收件人和/或消息的数量。

于 2011-11-29T13:52:25.710 回答
-1

我会说允许人们在网站上任意向其他成员发送消息通常是一个坏主意(除非我认为这是该网站的重点)。您可能会阻止自动垃圾邮件机器人,但有很多人愿意付钱让真正的人四处走动并手动发送消息。首先,您可能应该只允许已登录的成员向以某种方式“接受”该成员的其他人发送消息——朋友、允许来自的消息等。

至于使用长 UID,只要您正确设置了数据库,唯一的性能“命中”可能是在生成它时,但如果您使用它代替主键,它不会减慢您的网站速度ID。

于 2011-11-29T13:44:53.180 回答