Subject: Re: MOTM / SOTM Voting For December Is Now Open
Newsgroups: lugnet.cad.dev.org.ldraw
Date: Wed, 7 Dec 2005 23:53:03 GMT
Viewed: 2486 times
  
In lugnet.cad.dev.org.ldraw, Orion Pobursky wrote:
In lugnet.cad.dev.org.ldraw, Dan Boger wrote:
On Tue, Dec 06, 2005 at 10:14:28AM +0000, Jacob Sparre Andersen wrote:
This prevents people from remotely calling the followon PHP function
to process the form data without actually using the form (i.e. bot
protection among other things).

And what do we need "bot protection" for?  It is already a "members
only" page.

Not to mention that it's trivial to bypass it if you did want to use a
bot.  If we need to do bot protection, we can use a captcha (similar to
the way we're protecting the full installer) when votes are actually
submitted.  But there's no reason (imo) to disallow multiple windows.

I'm hesitant to use a captcha since it's just one more step in a process that's
supposed to be quick and easy (i.e. it makes sense to us webheads but the
general user will see it as a pain-in-the-rear).  I do however agree that a
permissions check is also done so this "authid generation" might be pointless.
I've asked the PN forums for more clarification on the issue since I can easily
remove authid checks in this instance (i.e. it's in the code for the module and
not part of core PN).

Here's the reply I got on the pnForums regarding the use of the authid:

The main reasons are all security related. When a form is secured using authid:

1) The form can't be faked by inserting things into the get/post array.
2) The form is secured from flood protection - i.e. multiple submissions of the
form.

My question is this: is there a way to prevent the 2 things mentioned above
while also preserving the ability of the user to have multiple tabs open, use the
back button, etc...

-Orion
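
One way to get both properties asked about above, as an added example that is not part of the original post and is not PostNuke code: bind the form token to the login session instead of to a single page load, and enforce "one submission" in the stored votes. The function names, the `$votes` array standing in for a database table, and the sample poll id are all assumptions made for illustration.

```php
<?php
// Added example; every name here is hypothetical, not a PostNuke API.

// Token = HMAC(session secret, user id | form name). It is tied to the session,
// not to one page render, so every open tab and any page reached with the Back
// button carries the same valid token.
function form_token(string $sessionSecret, int $userId, string $form): string
{
    return hash_hmac('sha256', $userId . '|' . $form, $sessionSecret);
}

function token_is_valid(string $sessionSecret, int $userId, string $form, $submitted): bool
{
    // Reject non-string input (e.g. authid[]=x) and compare in constant time.
    return is_string($submitted)
        && hash_equals(form_token($sessionSecret, $userId, $form), $submitted);
}

// Duplicate protection lives in the data, not in the token: one vote per
// (poll, user). $votes stands in for a table with a UNIQUE key on those columns.
function record_vote(array &$votes, string $pollId, int $userId, string $choice): string
{
    $key = $pollId . ':' . $userId;
    if (isset($votes[$key])) {
        return 'duplicate';
    }
    $votes[$key] = $choice;
    return 'recorded';
}

function handle_post(array &$votes, string $secret, int $userId, array $post): string
{
    if (!token_is_valid($secret, $userId, 'vote', $post['authid'] ?? null)) {
        return 'rejected';   // forged or token-less request
    }
    return record_vote($votes, (string)($post['poll'] ?? ''), $userId,
                       (string)($post['choice'] ?? ''));
}

// Constructed sample run: two tabs showing the same form, then a request with no token.
$secret = bin2hex(random_bytes(32));   // would be created at login and kept in the session
$votes  = [];
$tabA   = ['authid' => form_token($secret, 42, 'vote'), 'poll' => 'sample-poll', 'choice' => 'model-3'];
$tabB   = $tabA;
echo handle_post($votes, $secret, 42, $tabA), "\n";
echo handle_post($votes, $secret, 42, $tabB), "\n";
echo handle_post($votes, $secret, 42, ['poll' => 'sample-poll', 'choice' => 'model-1']), "\n";
```

In a real module the duplicate check would be a unique database constraint, so two simultaneous submissions cannot both be recorded.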


