0

Imagine I have an HTTP POST action with a method signature of:

RegisterUser(string email, string password)

The implementation of this method does some basic validation (e.g. to see if the e-mail doesn't already exist in a user repository) and then stores this information as a record in the user repository.

Say I then go on to make an AJAX call to this action from a "registration" view. If some malicious user looks at the markup of that view on the client-side, they'll pretty easily be able to see the URL to the RegisterUser action and determine what they need to pass to it (email and password).

What is then stopping that user from writing a program that calls this action 100 million times? What safeguards can I put into place? Is there something I should read up on in ASP.NET MVC that will protect me from such a POST attack?

Thanks

4

2 Answers

2

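I recommend installing the Dynamic IP Restrictions module in IIS or implementing a throttling solution in your application. This prevents the same user from sending multiple requests to the controller action. However, it cannot protect you from a DDOS attack, because in that kind of attack the requests are sent from different IP addresses.

answered 2012-12-29T17:54:06.317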
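A sketch of the in-application throttling mentioned in the answer above, as an added example that is not part of the original answer or of any library. `ThrottleAttribute`, its `MaxRequests`/`WindowSeconds` settings and `AccountController` are hypothetical names, and the code assumes ASP.NET MVC 5 (`System.Web.Mvc`) with C# 6 or later.

```csharp
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.Web.Mvc;

// Added example: per-client sliding-window throttle applied as an action filter.
public sealed class ThrottleAttribute : ActionFilterAttribute
{
    // Hypothetical settings: at most MaxRequests per WindowSeconds per client address.
    public int MaxRequests { get; set; } = 5;
    public int WindowSeconds { get; set; } = 60;

    // Timestamps of recently accepted requests, keyed by "action|client address".
    private static readonly ConcurrentDictionary<string, Queue<DateTime>> Hits =
        new ConcurrentDictionary<string, Queue<DateTime>>();

    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        // UserHostAddress is the TCP peer; behind a reverse proxy it is the proxy's address.
        var key = filterContext.ActionDescriptor.ActionName + "|" +
                  filterContext.HttpContext.Request.UserHostAddress;
        if (!IsAllowed(key, DateTime.UtcNow))
        {
            // Short-circuit before the action body (validation, repository write) runs.
            filterContext.Result = new HttpStatusCodeResult(429, "Too Many Requests");
        }
    }

    // Kept separate from the filter so the window logic can be unit-tested.
    internal bool IsAllowed(string key, DateTime now)
    {
        var queue = Hits.GetOrAdd(key, _ => new Queue<DateTime>());
        lock (queue)
        {
            var cutoff = now.AddSeconds(-WindowSeconds);
            // Drop timestamps that have fallen out of the window.
            while (queue.Count > 0 && queue.Peek() <= cutoff) queue.Dequeue();
            if (queue.Count >= MaxRequests) return false;
            queue.Enqueue(now);
            return true;
        }
    }
}

public class AccountController : Controller
{
    [HttpPost, Throttle(MaxRequests = 5, WindowSeconds = 60)]
    public ActionResult RegisterUser(string email, string password)
    {
        // The question's validation and repository write would go here.
        return new HttpStatusCodeResult(200);
    }
}
```

The dictionary is never pruned, so a production version needs eviction of idle keys (for example a cache with expiry), and the counters are per process, so a web farm needs a shared store.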
1

The most common form of prevention against a Denial of Service (DOS) attack, which is what you are describing, is to use some type of Captcha.

Although this question has been closed, it should provide some useful information on implementing this within ASP.NET MVC.

answered 2012-12-29T14:32:46.793