Voting should be rate-limited #4
Conversation
|
As I have been implementing this I realise that this possibly causes more issues for regular users. As far as I know I can only identify a user by their IP address. This would mean that a group of people on the same network could not create new votes at the same time without hitting the rate limit. An alternative would be to implement something similar to pantopticlick but this could easily be spoofed by a bot therefor making the implementation worthless. It would be good to get ideas from anyone who stumbles upon this issue. |
| @@ -1,17 +1,18 @@ | |||
| class VotesController < ApplicationController | |||
| before_filter :set_question, only: [:show] | |||
| before_filter :set_question_id, only: [:update] | |||
There was a problem hiding this comment.
This is not wrong and I know it is the rails way but since this is only used in the update function (applies to the other filters below too), I think it is better to keep it inside the respective function. This seems like a premature optimization.
Again, nothing wrong in doing it the way you have it.
Voting is easily venerable to being hit by a single user by deleting cookies.
Change of vote should not be limited
Creation of new vote should be limited to 1 new vote per minute