[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Self-platform-dev] Fwd: [bug #22391] Anonymous users can't edit LOs
|
From: |
Federico Heinz |
|
Subject: |
Re: [Self-platform-dev] Fwd: [bug #22391] Anonymous users can't edit LOs |
|
Date: |
Mon, 24 Mar 2008 11:11:22 -0300 |
On 23/03/2008, Dinesh Joshi wrote:
> Tying the users to an IP or rather the changes to a particular IP is
> as good as not storing anything. The only use of logging IPs is when
> anonymous users are allowed to edit LOs. For example, a spammer
> creates spam articles and you'd want to ban that IP.
I know it's not particularly useful, other than for having *some* handle. It
is not a good solution, it's just better than having everything thrown into the
same bin. Maybe logging a hash of the session cookie is a better solution?
> Captchas are a good security measure but are vulnerable these days.
They are, but only for specific cases. I haven't heard of successful attacks on
recaptcha <http://recaptcha.net/>, which even helps a good cause!
> Besides, anonymous edits dont serve a good purpose. If you're thinking
> of making it easy for people to quickly edit LOs then why not
> authenticate against an OpenID account ( see: www.openid.net )?
Because some people don't want to have an openid account (/me raises hand), and
sometimes I just might want to post anonymously. Anonymity does serve a
purpose. It creates problems, but they are not as serious as the ones created
by its loss.
Fede
signature.asc
Description: PGP signature