
Nonce usage to prevent bot attacks


I am using a JSP/J2EE application (not Struts). I want to prevent bot attacks on my form, and I am planning to do the following:

1. Generate a random token and set it in a hidden field of the form in the JSP.

2. During form submission, store the random number set in the hidden form field in the DB.

3. Compare the submitted token with the one from the DB to see whether it matches; if it does not match, it is a bot attack.

Please let me know whether what is mentioned above is correct. If not, please let me know how we can handle it in a better way.

1. Also, how can we generate the random token number in Java, and how can it be set in the hidden form field?

2. Where do we need to handle the comparison logic?

Any examples/tutorials on this would be really helpful. Thanks in advance.