[DUG] Work Wanted in Wellington

Leigh Wanstead leigh.wanstead at gmail.com
Fri Jul 4 10:56:51 NZST 2014 

Hi John,

Thanks for the suggestion.

But if I offer authenticate after 100-200 records, the hacker just give up
that cookie, ip and get a new ip to bypass the restriction.

Regards
Leigh


On 4 July 2014 10:51, John Bird <johnkbird at paradise.net.nz> wrote:

>   Sounds to me like the data needs to be hidden from the web site in a
> database with authentication to view records.   You could easily allow
> users to see say some eg 100-200 records even if not authenticated but not
> more.
>
> There is a similar restriction in data for instance with electoral roles –
> you can look up names but not scrape data – there the reasons are for
> privacy as well as to protect their income as they sell data to certain
> users only.
>
>  *From:* Leigh Wanstead <leigh.wanstead at gmail.com>
> *Sent:* Friday, July 4, 2014 10:39 AM
> *To:* NZ Borland Developers Group - Delphi List
> <delphi at listserver.123.net.nz>
> *Subject:* Re: [DUG] Work Wanted in Wellington
>
>  Hi David,
>
> It is like amazon. Amazon does not require user name/password just
> browsing the data.
>
> Regards
> Leigh
>
>
> On 4 July 2014 10:29, David Brennan <dugdavid at dbsolutions.co.nz> wrote:
>
>>  Sounds unusual. So the company sells the data but doesn’t have a login
>> system to control who consumes the data?
>>
>>
>>
>> David.
>>
>>
>>
>> *From:* delphi-bounces at listserver.123.net.nz [mailto:
>> delphi-bounces at listserver.123.net.nz] *On Behalf Of *Leigh Wanstead
>> *Sent:* Friday, 4 July 2014 10:16 a.m.
>>
>> *To:* NZ Borland Developers Group - Delphi List
>> *Subject:* Re: [DUG] Work Wanted in Wellington
>>
>>
>>
>> Hi Jolyon,
>>
>>
>>
>> The company I work for is selling data. The data is the income of the
>> company.
>>
>>
>>
>> Regards
>>
>> Leigh
>>
>>
>>
>> On 4 July 2014 09:23, Jolyon Smith <jsmith at deltics.co.nz> wrote:
>>
>> I don't understand this determination to make the hacker's life
>> difficult.  Surely the objective is to address the impact on the site for
>> legitimate users ?
>>
>> Contriving schemes to make the hacker's life difficult is simply
>> extending the problem domain into an irrelevant area and increasing the
>> complexity by orders of magnitude in order to protect information that is
>> public already - there is no mention of any attempt to thwart site
>> security, only scraping of publicly accessible URL's..
>>
>> If the intent is to disincentivise the hacker, simply denying them the
>> ability to scrape the site by detecting and blocking them will cause them
>> inconvenience enough.  Even if it doesn't, as long as their activity is not
>> impacting on the legitimate operation of the site then the key objective is
>> met - that of maintaining site response for legit users.
>>
>> Almost all of these schemes to make the scrapers life miserable do also
>> impact on the legitimate user experience, loading up the server and the
>> client browser processing with overhead targeted at the scraper but imposed
>> on ALL clients.
>>
>>
>> I can see that the technical challenge of "beating" the hacker could be
>> attractive, but it seems to me to be an ultimately pointless and resource
>> sapping "Arms Race" that cannot ever really be won...  even if you
>> eventually drive the scraper to give up entirely, burdensome
>> counter-measures will themselves have impacted on your site, defeating if
>> not the whole object then certainly a significant part of it, of getting
>> rid of the scraper activity in the first place.
>>
>> Of course, if you can find counter-measures which do not impose any such
>> burden on legit users then you have the best of both worlds, but the key
>> need to be met is addressing the scraper by removing the impact on legit
>> users, not adding to it.
>>
>>
>> So, bringing it back to the original topic - What makes a good developer ?
>>
>> Another characteristic would be the ability to remain focused on the key
>> objective/user need, rather than being drawn into a bottomless honey pot of
>> technical challenge of limited/no direct relevance to the problem at hand.
>>
>> :)
>>
>>
>>
>> On 4 July 2014 09:05, Phil Scadden <p.scadden at gns.cri.nz> wrote:
>>
>>
>> > Regarding to render the website in Javascript, how are you going to
>> > stop the browser driven by script? The hacker does not need to
>> > understand the javascript. All he need is just grab dom element.
>> That would be true but very unlikely that hacker is using browser. Too
>> slow. If you load the html with junk data and modify it with js, it may
>> take the hacker a long time to notice they are using crap. But I would
>> looking at detecting the hacker without a tip off in first place and
>> then figure out ways to make life difficult.
>>
>>
>> --
>> Phil Scadden, Senior Scientist GNS Science Ltd 764 Cumberland St,
>> Private Bag 1930, Dunedin, New Zealand Ph +64 3 4799663, fax +64 3 477
>> 5232
>>
>> Notice: This email and any attachments are confidential.
>> If received in error please destroy and immediately notify us.
>> Do not copy or disclose the contents.
>>
>> _______________________________________________
>> NZ Borland Developers Group - Delphi mailing list
>> Post: delphi at listserver.123.net.nz
>> Admin: http://delphi.org.nz/mailman/listinfo/delphi
>> Unsubscribe: send an email to delphi-request at listserver.123.net.nz with
>> Subject: unsubscribe
>>
>>
>>
>>
>> _______________________________________________
>> NZ Borland Developers Group - Delphi mailing list
>> Post: delphi at listserver.123.net.nz
>> Admin: http://delphi.org.nz/mailman/listinfo/delphi
>> Unsubscribe: send an email to delphi-request at listserver.123.net.nz with
>> Subject: unsubscribe
>>
>>
>>
>> _______________________________________________
>> NZ Borland Developers Group - Delphi mailing list
>> Post: delphi at listserver.123.net.nz
>> Admin: http://delphi.org.nz/mailman/listinfo/delphi
>> Unsubscribe: send an email to delphi-request at listserver.123.net.nz with
>> Subject: unsubscribe
>>
>
>
> ------------------------------
> _______________________________________________
> NZ Borland Developers Group - Delphi mailing list
> Post: delphi at listserver.123.net.nz
> Admin: http://delphi.org.nz/mailman/listinfo/delphi
> Unsubscribe: send an email to delphi-request at listserver.123.net.nz with
> Subject: unsubscribe
>
>
> _______________________________________________
> NZ Borland Developers Group - Delphi mailing list
> Post: delphi at listserver.123.net.nz
> Admin: http://delphi.org.nz/mailman/listinfo/delphi
> Unsubscribe: send an email to delphi-request at listserver.123.net.nz with
> Subject: unsubscribe
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://listserver.123.net.nz/pipermail/delphi/attachments/20140704/2107abe1/attachment.html

More information about the Delphi mailing list