I am using Tomcat and Jersey 2 to implement a rest API. The rest services reminds me of tinyURL.com, as it takes an arbitrary url and wraps it in a minified one. I have implemented captchas to secure myself from bots spamming my services. However, I notices that tinyURL does not have any form of captcha validation.
So my question is, how do you think they have done? Do Tomcat or jersey comes with built-in spam detection? What are the alternatives to captcha?
posted 1 year ago
By "spam", do you mean programmatic access? I would imagine that such access isn't a problem per se (nothing wrong with automating things), but is subject to the same limitations as any other access - probably only a limited number of accesses is possible per IP in a given time period.