views: 1329

answers: 6

Hello, what's the best way of preventing someone from voting twice? How do I get the user's IP address? What if they are on a large network? Will everyone on that network show the same IP? Thanks


UPDATE: request.getRemoteAddr() and request.getRemoteHost() return the server names, not the client's host name and IP. Anyone else got any bright ideas?


OK, so let's forget about the voting twice thing. I'm just trying to get the user's IP address. I tried request.getRemoteAddr() and request.getRemoteHost() and think I'm getting the server's address. I have access to two separate networks and am getting the same IP address :(

+3  A: 

In your JSP, use request.getRemoteAddr(). This returns the IP address of the agent that sent the request as a String.

Also, request.getRemoteHost() will attempt to get the fully qualified host name. If it can't resolve the name however, the IP address will be returned as in getRemoteAddr().

karim79
A: 

You can get the IP address with request.getRemoteAddr(). If the network is using a NAT router, all users will get the same address though.

Maurice Perry
+2  A: 

If users are behind a NAT router or proxy server, you will see them with the same IP address. Therefore, it is not the best way of allowing users to vote once.

An alternative would be to use cookies, but again, it is possible to erase the cookie and vote again.

Aziz
+2  A: 

AFAIK the ONLY way of preventing a second vote is by authenticating. Obviously this is not always possible, so you have to mitigate the possibility of a single user casting a ton of votes.

  • Throttle the voting by source IP. Use the getRemoteAddr() to allow, say... a vote per hour?... per minute? ... it will depend on how much voting you expect. Adjust the number according to experience.
  • Plant a cookie on the response for every voting poll, which expires after the ballot closes.
  • Make it harder to forge requests by checking and validating headers like Referer and User-Agent.
Marcelo Morales
A: 

Regarding the UPDATE: are you using a reverse proxy? Is there any Apache behind your Java application server?

+1  A: 

To get the IP of a client behind a router/firewall you can use request.getHeader("X-FORWARDED-FOR").

The X-Forwarded-For (XFF) HTTP header is a de facto standard for identifying the originating IP address of a client connecting to a web server through an HTTP proxy or load balancer. http://en.wikipedia.org/wiki/X-Forwarded-For

Keep in mind though, that this value can be changed by the proxies between you and the client. Though it should be the correct IP.

Andreas
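
The answers above point at a reverse proxy as the reason getRemoteAddr() returns a server address, and at X-Forwarded-For as the fix, with the caveat that the header can be changed along the way. The following is an added example, not code from any of the posters: it reads X-Forwarded-For only when the direct peer is one of your own proxies and walks the header right to left. The class name, the trusted proxy address and the sample requests are assumptions made for illustration.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

/** Added example: chooses the client IP from getRemoteAddr() and X-Forwarded-For. */
public class ClientIpResolver {
    // Assumption: addresses of your own reverse proxies / load balancers.
    private final Set<String> trustedProxies;

    public ClientIpResolver(Set<String> trustedProxies) {
        this.trustedProxies = trustedProxies;
    }

    /**
     * @param remoteAddr value of request.getRemoteAddr()
     * @param xff        value of request.getHeader("X-Forwarded-For"), may be null
     */
    public String resolve(String remoteAddr, String xff) {
        // Peer is not one of our proxies: the header came straight from the
        // client and can contain anything, so ignore it.
        if (xff == null || !trustedProxies.contains(remoteAddr)) {
            return remoteAddr;
        }
        // Each proxy appends the address it received the request from, so walk
        // right to left and stop at the first hop that is not one of our proxies.
        String[] hops = xff.split(",");
        for (int i = hops.length - 1; i >= 0; i--) {
            String hop = hops[i].trim();
            if (hop.isEmpty()) continue;
            if (!trustedProxies.contains(hop)) {
                return hop;
            }
        }
        return remoteAddr; // header listed only our own proxies
    }

    public static void main(String[] args) {
        // Constructed sample data: 10.0.0.5 stands in for the site's reverse proxy.
        ClientIpResolver r = new ClientIpResolver(new HashSet<>(Arrays.asList("10.0.0.5")));
        System.out.println(r.resolve("10.0.0.5", "203.0.113.7"));          // request came via our proxy
        System.out.println(r.resolve("10.0.0.5", "1.2.3.4, 203.0.113.7")); // client supplied a forged first entry
        System.out.println(r.resolve("198.51.100.9", "1.2.3.4"));          // direct connection, header ignored
    }
}
```

In a servlet or JSP this would be called as resolve(request.getRemoteAddr(), request.getHeader("X-Forwarded-For")). The result is still shared by everyone behind the same NAT, so it suits throttling rather than strict one-vote enforcement.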