Wrox Programmer Forums
|
BOOK: ASP.NET 2.0 Website Programming Problem Design Solution ISBN: 978-0-7645-8464-0
This is the forum to discuss the Wrox book ASP.NET 2.0 Website Programming: Problem - Design - Solution by Marco Bellinaso; ISBN: 9780764584640
Welcome to the p2p.wrox.com Forums.

You are currently viewing the BOOK: ASP.NET 2.0 Website Programming Problem Design Solution ISBN: 978-0-7645-8464-0 section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
 
Old December 30th, 2008, 11:32 PM
Authorized User
 
Join Date: Oct 2008
Posts: 23
Thanks: 5
Thanked 0 Times in 0 Posts
Default Question on Rating items, etc.

Has anyone improved the rating logic? Digging in today, I noticed, the "save" is a db count and rating store, then a cookie for the user. Having deleted cookies many a time, this does seem like a very good way. Before I add a new table and logic, I thought I'd poll the forum and see if anyone has already dealt with this. Thanks.
 
Old December 31st, 2008, 12:25 AM
Lee Dumond's Avatar
Wrox Author
 
Join Date: Jan 2008
Posts: 923
Thanks: 12
Thanked 166 Times in 162 Posts
Default

The book discusses alternative methods, including rate locking by IP etc. You are right though, that cookies (and IP, for that matter) are far from foolproof. These are merely convenient-to-implement deterrents from repeated rating. They can't prevent it, because these methods work from the client side. There is no client-side method that can truly prevent someone from jacking your ratings.

A more secure method would be to store rating instances in the database. You would have a table with a username column and an article ID column (or whatever is being rated). When a logged-in user rates something, store their username and the ID of the thing being rated in a record. Do a lookup as part of the rating logic, that prevents a user from rating if a record exists matching the user to the item being rated.

If you have multiple things being rated, you'd have to set up a table for each (ArticleRatings, StoreItemRatings, etc.)
__________________
Visit my blog at http://leedumond.com
Follow me on Twitter: http://twitter.com/LeeDumond

Code:
if (this.PostHelpedYou)
{
   ClickThanksButton(); 
}

Last edited by Lee Dumond; December 31st, 2008 at 12:30 AM..
The Following User Says Thank You to Lee Dumond For This Useful Post:
scottlucas58 (December 31st, 2008)
 
Old December 31st, 2008, 08:44 PM
Authorized User
 
Join Date: Oct 2008
Posts: 23
Thanks: 5
Thanked 0 Times in 0 Posts
Default Thanks

Quote:
Originally Posted by Lee Dumond View Post
The book discusses alternative methods, including rate locking by IP etc. You are right though, that cookies (and IP, for that matter) are far from foolproof. These are merely convenient-to-implement deterrents from repeated rating. They can't prevent it, because these methods work from the client side. There is no client-side method that can truly prevent someone from jacking your ratings.

A more secure method would be to store rating instances in the database. You would have a table with a username column and an article ID column (or whatever is being rated). When a logged-in user rates something, store their username and the ID of the thing being rated in a record. Do a lookup as part of the rating logic, that prevents a user from rating if a record exists matching the user to the item being rated.

If you have multiple things being rated, you'd have to set up a table for each (ArticleRatings, StoreItemRatings, etc.)
Thanks Lee, I was just being lazy, hoping someone had a nice little neat package all wrapped up.
-s
 
Old December 31st, 2008, 08:48 PM
Lee Dumond's Avatar
Wrox Author
 
Join Date: Jan 2008
Posts: 923
Thanks: 12
Thanked 166 Times in 162 Posts
Default

Quote:
Originally Posted by scottlucas58 View Post
Thanks Lee, I was just being lazy, hoping someone had a nice little neat package all wrapped up.
-s
Always worth a shot.
__________________
Visit my blog at http://leedumond.com
Follow me on Twitter: http://twitter.com/LeeDumond

Code:
if (this.PostHelpedYou)
{
   ClickThanksButton(); 
}





Similar Threads
Thread Thread Starter Forum Replies Last Post
Reset Article View Count and Rating retroviz BOOK: ASP.NET 2.0 Website Programming Problem Design Solution ISBN: 978-0-7645-8464-0 2 July 20th, 2008 10:43 AM
Rating &ViewCount do not increment tectrix BOOK: ASP.NET 2.0 Website Programming Problem Design Solution ISBN: 978-0-7645-8464-0 15 May 30th, 2007 06:46 AM
Beginner Question - ComboBox Items edusem C# 2005 3 April 1st, 2007 10:10 AM
Menu Items JoBi C# 0 October 20th, 2004 08:51 PM
displaying 6 items only having 20 items Lakshmi KS VB Components 1 February 17th, 2004 10:34 AM





Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright (c) 2020 John Wiley & Sons, Inc.