[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Self-platform-dev] Fwd: [bug #22391] Anonymous users can't edit LOs

From: Federico Heinz
Subject: Re: [Self-platform-dev] Fwd: [bug #22391] Anonymous users can't edit LOs
Date: Mon, 24 Mar 2008 11:11:22 -0300

On 23/03/2008, Dinesh Joshi wrote: 
> Tying the users to an IP or rather the changes to a particular IP is
> as good as not storing anything. The only use of logging IPs is when
> anonymous users are allowed to edit LOs. For example, a spammer
> creates spam articles and you'd want to ban that IP.

I know it's not particularly useful, other than for having *some* handle. It
is not a good solution, it's just better than having everything thrown into the
same bin. Maybe logging a hash of the session cookie is a better solution?

> Captchas are a good security measure but are vulnerable these days.

They are, but only for specific cases. I haven't heard of successful attacks on
recaptcha <>, which even helps a good cause!

> Besides, anonymous edits dont serve a good purpose. If you're thinking
> of making it easy for people to quickly edit LOs then why not
> authenticate against an OpenID account ( see: )?

Because some people don't want to have an openid account (/me raises hand), and
sometimes I just might want to post anonymously. Anonymity does serve a
purpose. It creates problems, but they are not as serious as the ones created
by its loss.


Attachment: signature.asc
Description: PGP signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]