Opened 13 years ago

Last modified 13 years ago

#52 new defect

Make it harder for someone to upload a bunch of postcodes without clicking

Reported by: Nick Burch Owned by: David Sheldon
Priority: minor Milestone: Mañana
Component: Website Version:
Keywords: Cc:

Description

We want to make it harder for someone to just dump a load of postcodes into the system without clicking them on a map.

If we send a unique submission token with each map request, we can ensure they actually fetched the map they're submitting a postcode for. Without some faffing, it'd stop someone submitting several postcodes on one map without reloading.

If we just required them to send some sort of hash based on the tile they're clicking on, the checksum generation would have to be in the JS that they'd have, but it'd still be fair amount of faff for them to fake.

Needs some thought.

Change History (1)

comment:1 Changed 13 years ago by Dominic Hargreaves

Milestone: Main release and major publicityMañana

Not really practical but let's leave it open for a while in case we think of something later.

Note: See TracTickets for help on using tickets.