Why?

CAPTCHA is a lot better than what you suggested though.

Is it really worth what I mentioned?

2 Likes

TBH, what you mentioned is true, but security comes at a price, buddy!

It won’t impact the load time a lot but the chance of manipulating the cookies is very low.

Got it! The free plan often offers unlimited bandwidth to attract users, while the other plans with a 250GB limit strike a balance between accommodating regular usage and reserving higher tiers for heavier data needs. The highest-cost plan likely includes unlimited bandwidth and premium features as an incentive for users willing to invest more.

No, because:

You want to be able to set the cookie when the visitor opens the web page, and then reuse that cookie for any subsequent requests. The same cookie should work when downloading CSS, JS and images, as well as work on any AJAX requests that could be sent hours after

Just blocking all traffic to every site is the best for security, but it has some obvious downsides.

There is always a tradeoff between making sites more secure and making them usable.

CAPTCHAs are even more intrusive than the current validation system. If you trigger a CAPTCHA on page load, it may need a few seconds to come to a conclusion, and it may require visitors to complete a challenge to access the website. Cloudflare’s “Under attack” system does something like this, although they run checks before presenting the CAPTCHA, and only show the CAPTCHA to suspicious visitors.

The current JavaScript challenge never requires any interaction from the visitor, and is really fast.

And even with a CAPTCHA, you will still need to set a cookie to mark a browser as secure so you can send additional requests (same as with our current system), which means it’s also possible to copy that cookie into a bot. So it doesn’t solve the problem we’ve been discussing here.

7 Likes

Sometimes when I’m on a page on my website and use AJAX to fetch something else, it will return the security system and I’ll have to reload the page (even if I had just opened the website).

1 Like

The cookie has a timeout period on it that is long enough for all requests for the current pageload to be made.

I would assume it is also used as a way to prevent chat scripts from abusing the servers from long sessions as well.

3 Likes

No, the cookie values are just rotated to prevent people from copying a cookie once and reusing it forever. Browsers seeing the challenge on XHR requests after some time is probably just an undesired side effect. After all, there are plenty of use cases to use XHR long after a page was loaded (notably on an SPA), not just chat.

4 Likes
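A sketch of the rotation described in the posts above, as an added example that is not part of the original thread and not the host's actual code: the cookie value is derived from a server-side secret and a time window, so a value copied once stops working after rotation, and an XHR sent long after page load gets the challenge again. The secret, window length, grace period and the `client_id` binding (for example the client address) are assumptions.

```python
import hashlib
import hmac
from typing import Optional

# Assumed values for this sketch, not the host's real settings.
SECRET = b"constructed-demo-secret"  # server-side key, never sent to clients
WINDOW_SECONDS = 3600                # how often the expected value rotates
GRACE_WINDOWS = 1                    # older windows that are still accepted


def _window(now: float) -> int:
    """Index of the rotation window that contains timestamp `now`."""
    return int(now // WINDOW_SECONDS)


def _mac(client_id: str, window: int) -> bytes:
    """Expected cookie value for one client in one rotation window."""
    msg = f"{client_id}|{window}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest().encode()


def issue_cookie(client_id: str, now: float) -> str:
    """Value handed out once the browser has passed the JavaScript challenge."""
    return _mac(client_id, _window(now)).decode()


def check_cookie(client_id: str, cookie: str, now: float) -> bool:
    """Accept the current window's value, or one still inside the grace period."""
    presented = cookie.encode()
    current = _window(now)
    return any(
        hmac.compare_digest(_mac(client_id, w), presented)
        for w in range(current - GRACE_WINDOWS, current + 1)
    )


def handle_request(client_id: str, cookie: Optional[str], now: float) -> str:
    """Decide as a front-end filter would: serve content or send the challenge."""
    if cookie is not None and check_cookie(client_id, cookie, now):
        return "content"
    return "challenge"
```

A longer grace period reduces challenges on late AJAX requests in a single-page app, at the cost of a longer lifetime for a copied cookie.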

yup it does

Made a website used to download Twitter videos work properly, but I’m working on its theme and wanted to improve it more. Here is the link: HIDDEN BY MOD - SPAM

What exactly needs to be improved? The theme looks just fine to me.

3 Likes

It looks fine?? Thx for your opinion, mate. I suddenly posted another thread, same as the previous one.

I would say the only problem is the white space below the container for the input:

2 Likes

Thx for your advice, I’m having a chat with editor.

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.