[web] Simulating dialup?

This topic is 4101 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

What do you mean by "simulate dialup"?

I am assuming you mean download time to display the web page.

In Firefox, there is a plugin called the Web Developer Toolbar with lots of goodies. Its Information page shows the size of everything that is downloaded for the page. Also useful is a download time calculator.

For example, using the Information | Document Size in the toolbar gives:
Document Size:
* Documents (1 file): 23 kb
* Images (57 files): 59 kb
* Style Sheets (2 files): 30 kb
* Scripts (5 files): 23 kb
* Total: 135 kb

Putting that into the download time calculator, I get:
* 48 seconds on a 28.8K modem
* 18 seconds on a 56K modem
* 1 second on DSL and T1 connection.

Hope that helps.

I'm not so much interested in how long things take to download as I am just testing to make sure there aren't any weird bugs that pop up when using dialup. For instance, when using a page sitting on localhost I've only got time to hit a submit button once before a new page is shown, but with dialup I'd have the opportunity to sit there and click it many times and possibly do bad things. That's why I want the simulator for testing.

That has nothing to do with dial-up. If you want to test it, it's the same thing as the Refresh glitch. You cannot assume anything good when it comes to accepting data from the web. People on broadband and dialup alike will double click submit buttons or hit refresh after submitting data. You have to be able to deal with it on the server.

For most things it's as simple as doing a lock, checking status, and then processing the data. That's security 101. If you get in the habit of doing that, you'll find that most of the problems associated with double loading automatically disappear.

For some things, you do have to go the extra mile. For instance, when accepting a post to a forum, you should check for duplicate posts within the last hour or so. Stuff like that prevents most accidental data "corruption."

For very sensitive data, it might be useful to create throw-away tokens per page. Basically, keep an array of random tokens that are generated once per page. It gets placed as a hidden field in the form. When submitting the form, the token is validated and destroyed. If they refresh the form using the same token, it won't work. (Note that due to tabbed browsing, it's best to just keep all unused tokens in an array and let them be used at any time in any order.) As an aside, this can also be helpful to combat evil third party sites submitting pre-filled forms to your site.

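
The throw-away token scheme described in the post above, as an added example that is not part of the original thread. The choice of Python, the names `FormTokenStore` and `handle_submit`, and the cap on unused tokens are assumptions made for illustration.

```python
import hmac
import secrets
import threading

MAX_UNUSED_TOKENS = 20  # assumed cap so one session cannot grow the list forever


class FormTokenStore:
    """Per-session list of unused one-time form tokens (hypothetical helper)."""

    def __init__(self):
        self._unused = []              # oldest first
        self._lock = threading.Lock()  # makes check-and-destroy atomic

    def issue(self):
        """Create a token to embed as a hidden field when rendering a form."""
        token = secrets.token_urlsafe(32)
        with self._lock:
            self._unused.append(token)
            # Drop the oldest tokens once the cap is exceeded.
            del self._unused[:-MAX_UNUSED_TOKENS]
        return token

    def consume(self, submitted):
        """Return True exactly once per issued token, then destroy it."""
        if not isinstance(submitted, str):
            return False  # field missing or not a string
        candidate = submitted.encode("utf-8", "replace")
        with self._lock:
            # Any unused token is valid, in any order (tabbed browsing).
            for i, known in enumerate(self._unused):
                if hmac.compare_digest(known.encode(), candidate):
                    del self._unused[i]
                    return True
        return False


def handle_submit(store, form, processed):
    """Server-side handler: process the form only if its token is fresh."""
    if not store.consume(form.get("token")):
        return "rejected"  # double click, refresh, or a form we never issued
    processed.append(form["body"])
    return "accepted"
```

Because the check and the removal happen under one lock, two simultaneous submissions of the same token cannot both be accepted.
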
Just to expand on that a bit: If you're worried about security, do not assume a single thing about the client computer. Don't assume it'll have a particular minimum speed or a particular maximum speed. Don't assume that hidden fields won't be changed or removed. Don't assume that missing fields won't appear. Don't assume that cookies will stay the same, or that unlinked pages won't be found. For purposes of authentication, the only thing you should assume is that properly configured cookies won't be accidentally shared; and even that should only be assumed where absolutely necessary.

In other words, most of your security testing should be deductive rather than empirical. You should write code in such a way that you know, even without exhaustive testing, that people won't be able to get in. (There are books and tools to help you with this... tell me if you need references.)

Quote:
Original post by konForce
That has nothing to do with dial-up. If you want to test it, it's the same thing as the Refresh glitch.

Not if I'm redirecting immediately after the post.

Everything you guys said is true, but it still doesn't answer my original question.
