[Sussex] Signing up to the Moot next week.
Steve Dobson
steve at dobson.org
Wed Oct 27 11:59:17 UTC 2004
Gareth
On Mon, Oct 25, 2004 at 09:54:03AM +0100, Gareth Ablett wrote:
> Steve,
>
> I know you won't read this till you get back but hey not going to stop me
> sending it.
>
> Ok just to let you know it wasn't me although I did point out the
> possible problem that this form had when we went to the linuxexpo, tbh I
> feel the script is somewhat open to attack, as I've learnt with forms
> like this online it is well worth using a few bits of security.
>
> 1. Log the IP of who posted; don't let the same person submit a name or
> activate more than say twice in 5 additions/activations.
>
> 2. Log all IPs in the database; that way you will have an easier method
> of removing them in one query.
>
> 3. Add a confirm page; this prevents automation in a lot of cases and
> slows down would-be pranksters.
>
>
> Just my pennies' worth, feel free to implement any or none of these ideas.

I've been happily playing with GeekLog over the past few days and feel that
it should be rolled out.

Before doing so I was going to test my patch by installing it on to the
SLUG PC (donated by Nik) and configure it for one of the IP addresses I
own so everyone can have a look.

By using Geeklog we get their security checks which means we can use a
better method of collecting names for the moots.

Steve
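
Points 1 and 2 of the quoted list, as an added example that is not part of this thread and not the sign-up script it discusses: each name is stored with the posting IP, an address that already accounts for two of the last five entries is refused, and everything from one address can be removed with a single query. The table, column and function names and the sample addresses are assumptions made for the illustration.

```python
import sqlite3

WINDOW = 5      # look at the last 5 additions/activations
MAX_PER_IP = 2  # one address may account for at most 2 of them

def open_db():
    """In-memory database; the 'signups' schema is hypothetical."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE signups (id INTEGER PRIMARY KEY AUTOINCREMENT,"
        " name TEXT NOT NULL, ip TEXT NOT NULL)")
    return db

def recent_count(db, ip):
    """How many of the last WINDOW rows were posted from this IP."""
    row = db.execute(
        "SELECT COUNT(*) FROM (SELECT ip FROM signups ORDER BY id DESC LIMIT ?)"
        " WHERE ip = ?", (WINDOW, ip)).fetchone()
    return row[0]

def add_signup(db, name, ip):
    """Point 1: log the IP with the name and refuse an over-limit address."""
    if recent_count(db, ip) >= MAX_PER_IP:
        return False
    # Bound parameters keep the submitted name out of the SQL text.
    db.execute("INSERT INTO signups (name, ip) VALUES (?, ?)", (name, ip))
    db.commit()
    return True

def purge_ip(db, ip):
    """Point 2: remove everything one address posted, in one query."""
    cur = db.execute("DELETE FROM signups WHERE ip = ?", (ip,))
    db.commit()
    return cur.rowcount

def demo():
    """Constructed sample posts using documentation-range addresses."""
    db = open_db()
    posts = [("Alice", "192.0.2.10"), ("Prank 1", "203.0.113.7"),
             ("Prank 2", "203.0.113.7"), ("Prank 3", "203.0.113.7"),
             ("Bob", "192.0.2.11")]
    accepted = [add_signup(db, name, ip) for name, ip in posts]
    removed = purge_ip(db, "203.0.113.7")
    names = [r[0] for r in db.execute("SELECT name FROM signups ORDER BY id")]
    return accepted, removed, names

if __name__ == "__main__":
    print(demo())
```

The address logged should be the one the server sees on the connection; people sharing one address behind NAT or a proxy will reach the limit together.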