Django HTTP GET Security
<p>On my homepage, I have a random poll for each visitor. Upon loading the homepage, an automatic HTTP GET triggers my view to generate a unique session ID for that poll. This is to ensure that the user is indeed voting on the poll that I randomly generated for them in my view instead of just manually constructing their own HTTP POST to vote on the polls they want.</p>

<p>However, with that initial HTTP GET, I also save the unique id to my database so I can validate their future POST. Does this produce a security issue if the user was to spam my homepage with HTTP GETs to trigger multiple database writes?</p>

<p>I understand that HTTP GET should not change the state of my application, but is this a time when it is appropriate for an HTTP GET to do so? If not, how would I fix this dilemma?</p>

<p>When I spam my server with HTTP GETs, I get the following error. Is this error coming from excess writes to my database or something else?</p>

<pre><code>Traceback (most recent call last):
  File "/usr/lib/python2.7/wsgiref/handlers.py", line 86, in run
    self.finish_response()
  File "/usr/lib/python2.7/wsgiref/handlers.py", line 127, in finish_response
    self.write(data)
  File "/usr/lib/python2.7/wsgiref/handlers.py", line 210, in write
    self.send_headers()
  File "/usr/lib/python2.7/wsgiref/handlers.py", line 268, in send_headers
    self.send_preamble()
  File "/usr/lib/python2.7/wsgiref/handlers.py", line 195, in send_preamble
    self._write('Server: %s\r\n' % self.server_software)
  File "/usr/lib/python2.7/socket.py", line 324, in write
    self.flush()
  File "/usr/lib/python2.7/socket.py", line 303, in flush
    self._sock.sendall(view[write_offset:write_offset+buffer_size])
error: [Errno 104] Connection reset by peer
----------------------------------------
Exception happened during processing of request from ('127.0.0.1', 58092)
Traceback (most recent call last):
  File "/usr/lib/python2.7/SocketServer.py", line 582, in process_request_thread
    self.finish_request(request, client_address)
  File "/usr/lib/python2.7/SocketServer.py", line 323, in finish_request
    self.RequestHandlerClass(request, client_address, self)
  File "/usr/local/lib/python2.7/dist-packages/django/core/servers/basehttp.py", line 139, in __init__
    super(WSGIRequestHandler, self).__init__(*args, **kwargs)
  File "/usr/lib/python2.7/SocketServer.py", line 640, in __init__
    self.finish()
  File "/usr/lib/python2.7/SocketServer.py", line 693, in finish
    self.wfile.flush()
  File "/usr/lib/python2.7/socket.py", line 303, in flush
    self._sock.sendall(view[write_offset:write_offset+buffer_size])
error: [Errno 32] Broken pipe
</code></pre>
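One way to keep the GET side stateless, as an added example that is not from the question or its author: sign the randomly chosen poll id with a server-side secret so the GET writes nothing and the POST is checked by recomputing the MAC. It uses the standard-library hmac module rather than Django's signing helpers; the secret, TTL and function names are placeholders.

```python
import hashlib
import hmac
import secrets
import time

# Placeholder secret: in a Django project this would come from settings.SECRET_KEY.
SECRET_KEY = b"replace-with-a-long-random-secret"
TOKEN_TTL_SECONDS = 3600  # assumed validity window for an issued poll token


def _mac(payload: str) -> str:
    """HMAC-SHA256 over the token payload, keyed with the server secret."""
    return hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_poll_token(poll_id: int, now=None) -> str:
    """Called from the GET view after a poll is picked at random.

    The token binds the poll id to an issue time and a random nonce and is
    handed to the client (e.g. as a hidden form field). No database row is
    created, so repeated GETs cost only a MAC computation.
    """
    issued = int(now if now is not None else time.time())
    nonce = secrets.token_hex(8)
    payload = f"{poll_id}:{issued}:{nonce}"
    return f"{payload}:{_mac(payload)}"


def verify_poll_token(token: str, claimed_poll_id: int, now=None) -> bool:
    """Called from the POST view before recording a vote.

    Accepts the vote only if the token was produced by this server, names the
    poll the client claims to vote on, and has not expired. Vote de-duplication
    (one vote per visitor) is still a database concern at POST time.
    """
    try:
        poll_id, issued, nonce, mac = token.split(":")
    except ValueError:
        return False  # wrong shape: not something we issued
    payload = f"{poll_id}:{issued}:{nonce}"
    if not hmac.compare_digest(mac, _mac(payload)):
        return False  # forged or tampered token
    if int(poll_id) != claimed_poll_id:
        return False  # token issued for a different poll
    current = now if now is not None else time.time()
    return current - int(issued) <= TOKEN_TTL_SECONDS
```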