Hi, how do Facebook posts (status updates) / comments work in terms of security? I was surprised to see that Facebook allowed me to post 3 status updates one after the other and then also allowed me to post 20 comments on a status update, all within 5 seconds. I have a comment feature on my website and I need a way of preventing users from spamming with comments (without using a captcha). Users must be logged in to post a comment... so when a comment is being posted, should I just check to see if the same $user_id posted a comment within the last 20 seconds... or can someone think of a more suitable method? Thanks in advance for your help...
My answer would be yes. Check if a user has posted a comment in the last few seconds and if he has, then tell him he has to wait. I would put 2 measures in place. 1. If the user has posted, don't even give him a form. Simply say "sorry, you already posted a comment, now you have to wait another 10 seconds." 2. But since you can't trust that method entirely, I would also do a check before inserting the comment in the DB to ensure they don't use a bot.
Nope. Just because there is no form does not mean someone can't write a script and still try to submit a comment even though there is no form. As a rule, before you do any inserts into your DB, always run extensive checks to ensure the insert is allowed.
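The two-layer approach the answers above describe (hide the form when the user is still in the wait period, but also re-check on the server immediately before the DB insert, because a script can POST without ever loading the form) can be implemented as a per-user rate limiter. The following is an added example, not code from the thread or from any site discussed in it; it generalizes the "last comment within 20 seconds" check to "at most N comments per W seconds" and keeps timestamps in an in-memory dictionary, which assumes a single server process (a real site would keep them in its database or cache). The user id is assumed to come from the logged-in session, never from the request body.

```python
import math
import time
from collections import deque


class CommentRateLimiter:
    """Server-side per-user limiter: at most `max_posts` comments per `window` seconds.

    Sliding-window generalization of the thread's "posted in the last 20 s" check.
    Timestamps live in an in-memory dict (assumption: one process; a real site
    would back this with its DB or cache so every web node sees the same state).
    """

    def __init__(self, max_posts=1, window=20.0, clock=time.monotonic):
        self.max_posts = max_posts
        self.window = float(window)
        self.clock = clock          # injectable so tests can run deterministically
        self._history = {}          # user_id -> deque of recent post timestamps

    def _recent(self, user_id, now):
        """Return the user's timestamps still inside the window, dropping old ones."""
        q = self._history.setdefault(user_id, deque())
        while q and now - q[0] >= self.window:
            q.popleft()
        return q

    def seconds_until_allowed(self, user_id, now=None):
        now = self.clock() if now is None else now
        q = self._recent(user_id, now)
        if len(q) < self.max_posts:
            return 0.0
        # Oldest in-window post must age out before the next one is allowed.
        return self.window - (now - q[0])

    def should_show_form(self, user_id):
        """Layer 1: decide whether to render the comment form at all (UX only)."""
        return self.seconds_until_allowed(user_id) == 0.0

    def try_post(self, user_id, text):
        """Layer 2: call this right before the DB insert. Returns (accepted, message).

        This check runs regardless of whether the form was shown, so a script that
        posts directly to the endpoint is held to the same limit as a browser user.
        """
        now = self.clock()
        wait = self.seconds_until_allowed(user_id, now)
        if wait > 0:
            return False, "Sorry, you already posted a comment; wait another %d seconds." % math.ceil(wait)
        if not text.strip():
            return False, "Empty comment."
        self._history[user_id].append(now)   # record only accepted posts
        # ... the real DB insert would go here ...
        return True, "Comment accepted."


class FakeClock:
    """Constructed clock for simulations and tests."""

    def __init__(self, start=0.0):
        self.now = start

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


def simulate_burst(count=20, spacing=0.25, max_posts=1, window=20.0):
    """Replay the scenario from the question: `count` comments from one logged-in
    user, `spacing` seconds apart (20 x 0.25 s covers about 5 s), submitted as a
    script would, i.e. without caring whether a form was shown. Returns how many
    the server-side check accepts."""
    clock = FakeClock()
    limiter = CommentRateLimiter(max_posts, window, clock)
    accepted = 0
    for i in range(count):
        ok, _ = limiter.try_post("user-42", "comment %d" % i)   # constructed user id
        accepted += int(ok)
        clock.advance(spacing)
    return accepted


if __name__ == "__main__":
    print("accepted out of 20 in ~5 s (1 per 20 s):", simulate_burst())
    print("accepted out of 20 in ~5 s (1 per 2 s): ", simulate_burst(window=2.0))
```

With the thread's own numbers (one comment per 20 seconds) the 20-comment burst yields a single accepted comment; only the server-side `try_post` call enforces that, and `should_show_form` is purely a courtesy to honest users. Because the limiter records only accepted posts, a rejected flood does not extend the user's own wait, which keeps the error message truthful.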
FaceBook ISN'T as secure as one may think.... However, its entire model is based on the fact that your FaceBook friends KNOW YOU and find you through their friends or directly. Friends rarely spam friends. MySpace's model was all about making new friends, which leaves you open to accepting "friendships" with strangers/bots/spammers.