 |
BOOK: ASP.NET 2.0 Website Programming Problem Design Solution ISBN: 978-0-7645-8464-0  | This is the forum to discuss the Wrox book ASP.NET 2.0 Website Programming: Problem - Design - Solution by Marco Bellinaso; ISBN: 9780764584640 |
|
Welcome to the p2p.wrox.com Forums.
You are currently viewing the BOOK: ASP.NET 2.0 Website Programming Problem Design Solution ISBN: 978-0-7645-8464-0 section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
|
|
|
|
|
December 30th, 2008, 11:32 PM
|
|
Authorized User
|
|
Join Date: Oct 2008
Posts: 23
Thanks: 5
Thanked 0 Times in 0 Posts
|
|
Question on Rating items, etc.
Has anyone improved the rating logic? Digging in today, I noticed, the "save" is a db count and rating store, then a cookie for the user. Having deleted cookies many a time, this does seem like a very good way. Before I add a new table and logic, I thought I'd poll the forum and see if anyone has already dealt with this. Thanks.
|
|
December 31st, 2008, 12:25 AM
|
 |
Wrox Author
|
|
Join Date: Jan 2008
Posts: 923
Thanks: 12
Thanked 166 Times in 162 Posts
|
|
The book discusses alternative methods, including rate locking by IP etc. You are right though, that cookies (and IP, for that matter) are far from foolproof. These are merely convenient-to-implement deterrents from repeated rating. They can't prevent it, because these methods work from the client side. There is no client-side method that can truly prevent someone from jacking your ratings.
A more secure method would be to store rating instances in the database. You would have a table with a username column and an article ID column (or whatever is being rated). When a logged-in user rates something, store their username and the ID of the thing being rated in a record. Do a lookup as part of the rating logic, that prevents a user from rating if a record exists matching the user to the item being rated.
If you have multiple things being rated, you'd have to set up a table for each (ArticleRatings, StoreItemRatings, etc.)
Last edited by Lee Dumond; December 31st, 2008 at 12:30 AM..
|
|
The Following User Says Thank You to Lee Dumond For This Useful Post:
|
|
|
December 31st, 2008, 08:44 PM
|
|
Authorized User
|
|
Join Date: Oct 2008
Posts: 23
Thanks: 5
Thanked 0 Times in 0 Posts
|
|
Thanks
Quote:
Originally Posted by Lee Dumond
The book discusses alternative methods, including rate locking by IP etc. You are right though, that cookies (and IP, for that matter) are far from foolproof. These are merely convenient-to-implement deterrents from repeated rating. They can't prevent it, because these methods work from the client side. There is no client-side method that can truly prevent someone from jacking your ratings.
A more secure method would be to store rating instances in the database. You would have a table with a username column and an article ID column (or whatever is being rated). When a logged-in user rates something, store their username and the ID of the thing being rated in a record. Do a lookup as part of the rating logic, that prevents a user from rating if a record exists matching the user to the item being rated.
If you have multiple things being rated, you'd have to set up a table for each (ArticleRatings, StoreItemRatings, etc.)
|
Thanks Lee, I was just being lazy, hoping someone had a nice little neat package all wrapped up.
-s
|
|
December 31st, 2008, 08:48 PM
|
|
Wrox Author
|
|
Join Date: Jan 2008
Posts: 923
Thanks: 12
Thanked 166 Times in 162 Posts
|
|
Quote:
Originally Posted by scottlucas58
Thanks Lee, I was just being lazy, hoping someone had a nice little neat package all wrapped up.
-s
|
Always worth a shot. 
|
|
|
