12306 website Thoughts

Source: Internet
Author: User

12306 website problems are surging and have been discussed in many articles. 12306 website problems are concentrated at two points: Login Failure and security.

Security is constantly being patched, and it may be better. The specific problem is not clear except SQL injection. SQL injection can be performed with input check. You can also add multiple prevention measures, such as SQL statements with parameters supported by sqlserver databases, and any characters in the parameters.

Login Failed. If the hardware is not enough, you need to add hardware. Protection against malicious users is required.

When users log on to the DNS server, they first access the DNS server. Different broadband service providers have different DNS servers. Due to malicious users, you may need to log on to multiple servers. The business scope is user login and user login is not required. multiple servers can be fault-tolerant. For example, one server corresponds to one or more DNS servers.

Users can log on to the server to record IP addresses and related information to prepare for blacklist. The number of windows opened with the same IP address is limited. No IP address or IP address attack occurs, which can be solved together with the broadband service provider. Blacklist data servers must be set up separately or even multiple. The blacklist Distributed Data Server can be considered the same as the login server. In addition to the authenticity of user registration, the verification code (image verification code and identity information verification (age, address, validity period, etc.) is added during login )).

After the login is successful, it is transferred to the user server with encrypted dynamic login parameters. The user server relies on the same logic algorithm to ensure authenticity. Dynamic login parameters are included in each interface of the user server. Dynamic login parameters are time-sensitive. After the user server relies on dynamic Login Parameters and network attack protection, it enters the user mode.

User-mode databases and the databases that log on to the server must be separated to ensure the interests of users. Both the user mode and the login mode have the query function, but the login mode is more rough and lagging. The login Mode Interface prompts the lag. During the Spring Festival, when there are few tickets but there are many requirements, we can consider not only the installment investment of tickets, but also the probability extraction method.

The probability extraction algorithm is used for example: a user extracts a ticket every 10 minutes. The first time is the total number of available votes, the expected number of votes, and the expected number of successful votes. The probability is reduced by 30% in the future. Some parameters of the algorithm need to accumulate historical data. manual adjustment can be added to cope with non-empirical situations. The expected user success value is 1. If the probability is greater than 1, the full ticket is provided. The probability extraction algorithm is important and needs to be carefully considered and optimized based on the user behavior recorded in history. The probability of the probability extraction method is closely related to the installment investment policy and should be presented to the user for visibility. The probability of user discovery is too low, so the solution should be considered.

Blacklist is also required for user mode.

User-mode web servers and database servers can be multiple when necessary.

The total data server stores the latest information. Set the backend server. the backend server distributes the delayed distribution information from the total server to the user data server and then to the login server. Tickets automatically invested in installments are also carried out by the backend server. The background server must be protected against multi-thread congestion.

In general, servers include web servers, logic servers, and data servers, including login mode servers, user mode servers, and Master Control servers.


The impromptu text is incomplete. The query and Analysis Server can be a single column.



Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.