On 5/7/07, Roman Kyrylych <roman.kyrylych@gmail.com> wrote:
2007/5/7, Dan McGee <dpmcgee@gmail.com>:
On 5/7/07, Jürgen Hötzel <juergen@hoetzel.info> wrote:
There is no solution, if users are anonymous. A simple workaround/hack:
Prevent connects from the same IP (for a limited time period).
This could limit the possibility to flood the database with multiple machine entries from one user.
I thought about this solution as well, but I realized it does carry with it a rather large negative. If a user has 4 Arch boxes behind a router with NAT, and they all run archstats as a cronjob at the same time, we would be excluding all but 1 of his boxes from updates.
How essential is user anonymity on submission? Would users feel comfortable registering (which is a hurdle I think we should try to avoid) if their anonymous state was still preserved in any data presented to the user?
Also, users connected to large ISPs have dynamic IPs (at least this is common case in Eastern Europe).
That isn't the problem here Roman- that will work just fine. We aren't planning on doing a one-to-one pairing of users with IP addresses. He only proposed that we limit the connections from one IP address to one update an hour, for example, to prevent mass floods of the database. -Dan