Ticket #52 (new defect)

Opened 3 years ago

Last modified 3 years ago

Make it harder for someone to upload a bunch of postcodes without clicking

Reported by: nick Owned by: davids
Priority: minor Milestone: Mañana
Component: Website Version:
Keywords: Cc:

Description

We want to make it harder for someone to just dump a load of postcodes into the system without clicking them on a map.

If we send a unique submission token with each map request, we can ensure they actually fetched the map they're submitting a postcode for. Without some faffing, it'd stop someone submitting several postcodes on one map without reloading.

If we just required them to send some sort of hash based on the tile they're clicking on, the checksum generation would have to be in the JS that they'd have, but it'd still be fair amount of faff for them to fake.

Needs some thought.

Change History

Changed 3 years ago by dom

  • milestone changed from Main release and major publicity to Mañana

Not really practical but let's leave it open for a while in case we think of something later.

Note: See TracTickets for help on using tickets.