Comments (8)
What kind of data are you tracking?
from condor.
@ralphtheninja it's user analytics. links clicked on, how far they scroll down, etc etc.
Idea: in first request, the server detects ip address, and hashes that with user agent, session etc into one token. the token should be deterministic given the data. it would be given to the client and used as the id in the logs - but also stored in a database. then we know that if it is not in the database then it's not valid. could hash with salt so that it's infeasible to guess a valid id.
from condor.
of course, someone could still get the token off the page and mess with the analytics by writing out funny data. there isn't any way to stop that. so most of this would come down to validation. maybe rate limiting updates from one connection?
from condor.
Sign the data somehow? Too expensive?
from condor.
Just one thought -- Regardless of if we can sign the data or not there is a need to clean up the data anyways, and if so, can we handle bogus data then, instead of pre-empting it? (Ideally we do both, but perhaps short-term clean-up can handle most use cases and then we can figure out how bad bots or malicious users are abusing the endpoints?)
from condor.
We can have predetermined types and lengths for the data on the receiving servers, maybe even some simple validation schema. This will protect against malformed requests.
Anything that originates on the client and isn't passed through the back end of the application is going to be untrusted. But that's not terrible since there aren't really any incentives for attack. This interface isn't (D)DOS-able.
from condor.
signing the data will be quite cpu expensive (on both the client and server). we don't want to affect UX by something the user is not getting anything out of. agree what we want is mainly filtering.
from condor.
+1 simple validation schema
from condor.
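
The token and validation-schema ideas from the comments above, sketched as an added Node.js example; it is not code from condor or from any commenter. The field names, limits, `SECRET` and the `knownTokens` set standing in for the database are assumptions, and an HMAC with a server-side key is used where the thread says "hash with salt".

```javascript
// Added example, not condor's code. SECRET, SCHEMA and all field names are assumptions.
const crypto = require('crypto');

const SECRET = 'constructed-demo-secret'; // server-side key, never sent to the client

// Deterministic visitor token: the same ip / user agent / session always give the same id.
function makeToken(ip, userAgent, sessionId) {
  return crypto.createHmac('sha256', SECRET)
    .update(JSON.stringify([ip, userAgent, sessionId])) // unambiguous field boundaries
    .digest('hex');
}

// Predetermined type and length/range for every accepted field (hypothetical schema).
const SCHEMA = {
  token:     { type: 'string', max: 64, pattern: /^[0-9a-f]{64}$/ },
  event:     { type: 'string', max: 16, pattern: /^(click|scroll|visibility)$/ },
  href:      { type: 'string', max: 2048, optional: true },
  scrollPct: { type: 'number', min: 0, max: 100, optional: true },
};

// Returns a list of problems; an empty list means the record may be logged.
// knownTokens stands in for the database lookup of issued tokens.
function validate(record, knownTokens) {
  const errors = [];
  for (const key of Object.keys(record)) {
    if (!Object.prototype.hasOwnProperty.call(SCHEMA, key)) errors.push(`unexpected field: ${key}`);
  }
  for (const [key, rule] of Object.entries(SCHEMA)) {
    const value = record[key];
    if (value === undefined) {
      if (!rule.optional) errors.push(`missing field: ${key}`);
      continue;
    }
    if (typeof value !== rule.type) {
      errors.push(`bad type: ${key}`);
    } else if (rule.type === 'string') {
      const tooLong = value.length > rule.max;
      if (tooLong || (rule.pattern && !rule.pattern.test(value))) errors.push(`bad value: ${key}`);
    } else if (!(Number.isFinite(value) && value >= rule.min && value <= rule.max)) {
      errors.push(`out of range: ${key}`);
    }
  }
  // Only consult the token store once the record is well-formed.
  if (errors.length === 0 && !knownTokens.has(record.token)) errors.push('unknown token');
  return errors;
}
```

A well-formed record with an issued token can still carry made-up values, so this filters malformed and unknown-token requests only.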