In this section, let's take a look at the dottext trackback process.
First, let's take a look at how to send trackback: The portal is dottext. Framework. entryhandling. process.
- CheckArticleWhether the remote webpage link is included in the content.
- Download HTML from a remote webpageCodeIf the link is not valid, return
- Check whether the link in this article has been included in the obtained HTML code. It indicates that the link has been pinged.
- In the HTML code, the link to be trackback is obtained based on the trackback standard (the link is included in the annotated XHTML code with the key value of RDF), which completes the conversion from the webpage to the trackback link.
- Send (PING) trackback.
Let's take a look at the process of receiving trackback. The entry is dottext. Framework. Tracking. trackbackhandler. processrequest.
- Obtain the ID of the local article based on the pinged trackback link. If no ID is obtained, the link is invalid.
- Whether the request method is post or not is returned. This is specified by the trackback standard.
- Retrieves data from the database based on the ID number and generates an entry object.
- Download the HTML code of the remote webpage based on the uploaded URL. If the obtained HTML code does not contain a link to a local article, it indicates it is not a legal link and you need to return
- Analyze the page title of the other party from the HTML code. If no, return
- Generate a new entry object and assign values to its attributes.
From this we can see that the trackback sending efficiency of dottext is relatively low. The reason is that you need to download remote HTML, which is a very time-consuming task, not to mention extracting the trackback link from a very large HTML code.
In addition, no blocking mechanism is set up when trackback is received. Thus, it is impossible to avoid the attacks of advertising, that is, spam comment.
To solve these problems, I need to change the send MECHANISM OF THE send trackback.
- Trackback is no longer automatically obtained according to the trackback standard, which is not only extremely inefficient, but many websites do not support this standard (for example, www.blogchinese.com directly provides reference notices instead of hiding them in the webpage, haha, the trackback operation fails. We assume that the user inputs a valid trackback link. Send directly.
- To give users a valid trackback address, the trackback link of this article is displayed after the content of each article.
- Provide another page and enter the webpage link to display the trackback link of the webpage to continue supporting those websites that comply with the standards.
When receiving trackback, we make the following changes:
- Get the URL of the other party to the library for verification, and check whether the other party has pinged. Because it is performed locally, the speed will be very fast.
- Create a blackip table in the database to verify the IP address of the attacker. In this way, you can block the IP address of the attacker.
The above is just my idea. Because of the time, we have not implemented it. If you have better suggestions, we can discuss them together.