Who's accessing your Web applications? If you think only humans are registering and logging in, you may be surprised. Learn how to teach your application to differentiate between humans and machines and reject automated registration and login requests.
by William Tay
June 10, 2004
Depending on which side of the consumer-business equation you are on, you might either expect to perform a transaction with another machine or you might expect a person to be on the other end of the transaction. When you run a business that requires legitimate user accounts, you may be surprised to find that some of your accounts may belong to a single person, one using a skillfully crafted script running on his machine to create many "virtual" accounts with your business. These accounts tie up your resources, bandwidth, and other time and materials.
The process by which such scripts create accounts is called identity spoofing and, for most simple sites, can be accomplished rather easily. All the spoofer needs to do is to create an HTML form that contains fields identical to those in your login form and then "HTTP-POST" the data to your server, where your user-account creation process takes place. The problem is even worse if you allow your login forms to be processed via "HTTP-GET". After successfully creating an account once, there's nothing stopping the spoofer from automating the whole process.
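From the defender's side, scripted account creation of the kind described above tends to show up in the web server log as bursts of sign-ups from one client, or as sign-ups submitted via GET. The following is an added example, not code from the original article, that scans registration log lines for both patterns. The log format, the `/register` path, the thresholds and the sample lines are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log: timestamp, client IP, method, request target, status.
SAMPLE_LOG = """\
2004-06-10T10:00:01 203.0.113.7 POST /register 200
2004-06-10T10:00:02 203.0.113.7 POST /register 200
2004-06-10T10:00:03 203.0.113.7 POST /register 200
2004-06-10T10:00:04 203.0.113.7 POST /register 200
2004-06-10T10:05:00 198.51.100.20 POST /register 200
2004-06-10T10:06:30 192.0.2.44 GET /register?user=a1&pw=x 200
2004-06-10T11:30:00 198.51.100.20 POST /register 200
"""

REGISTER_PATH = "/register"  # assumed account-creation endpoint


def parse(line):
    """Split one log line into typed fields; has_query marks form data in the URL."""
    ts, ip, method, target, status = line.split()
    path, _, query = target.partition("?")
    return datetime.fromisoformat(ts), ip, method, path, bool(query), int(status)


def find_suspect_clients(log_text, window_seconds=60, max_signups=3):
    """Return {ip: set(reasons)} for clients whose sign-ups look scripted.

    Assumes log lines are in chronological order.
    """
    recent = defaultdict(deque)   # ip -> timestamps of recent sign-ups
    suspects = defaultdict(set)
    for line in filter(None, map(str.strip, log_text.splitlines())):
        ts, ip, method, path, has_query, status = parse(line)
        via_get = method == "GET" and has_query
        # A plain GET with no query string only loads the form; skip it.
        if path != REGISTER_PATH or status != 200 or not (method == "POST" or via_get):
            continue
        if via_get:
            suspects[ip].add("signup-via-GET")
        window = recent[ip]
        window.append(ts)
        # Drop sign-ups that have fallen out of the sliding window.
        while (ts - window[0]).total_seconds() > window_seconds:
            window.popleft()
        if len(window) > max_signups:
            suspects[ip].add("signup-burst")
    return dict(suspects)


if __name__ == "__main__":
    for ip, reasons in sorted(find_suspect_clients(SAMPLE_LOG).items()):
        print(ip, sorted(reasons))
```

Many users can share one address behind a proxy or NAT, so treat a hit as a reason to review or challenge the client rather than as proof of automation.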