#859: Account registration is disabled.
--------------------------+------------------------
Reporter: freshnewpage | Owner: nobody
Type: defect | Status: new
Priority: major | Product: BHD
Milestone: | Component: siteadmin
Version: | Resolution:
Keywords: |
--------------------------+------------------------
Description changed by freshnewpage:
Old description:
> The registration page is currently disabled:
>
> Visiting the page gives the following error:
>
> Error: Not Found
> No handler matched request to /register
>
> Steps to re-create:
> #. Visit
> https://live.bloodhound.apache.org/bloodhound/products/BHD/register
>
> Root cause:
> The registration page was intentionally disabled due to the volume of
> spurious sign-ups that were coming through.
>
> Desired outcome:
> Make necessary adjustments such that it is acceptable to leave site
> registration on.
>
> Possible solutions:
>
> Signups could be limited to "Apache Committers only" by installing an
> appropriate LDAP config into httpd. This would reduce the spam but the
> downside is that legitimate signups from non-Apache committers would be
> filtered out.
>
> Another idea is using an "email somebody an invite link" that could skip
> that authz/authn step. That would solve the problem. eg. LDAP
> restrictions on (making this up:) live.bh.a.o/signup/ and open for
> live.bh.a.o/invite/
> Potentially downside is volume of span invite requests that need to get
> dealt with by a human.
>
> reCapture style service integration would limit automated signups to
> prevent spam. This could be combined with above approaches.
New description:
The registration page is currently disabled:
Visiting the page gives the following error:
{{{
Error: Not Found
No handler matched request to /register
}}}
Steps to re-create:
#. Visit
https://live.bloodhound.apache.org/bloodhound/products/BHD/register
Root cause:
The registration page was intentionally disabled due to the volume of
spurious sign-ups that were coming through.
Desired outcome:
Make necessary adjustments such that it is acceptable to leave site
registration on.
Possible solutions:
Signups could be limited to "Apache Committers only" by installing an
appropriate LDAP config into httpd. This would reduce the spam but the
downside is that legitimate signups from non-Apache committers would be
filtered out.
Another idea is using an "email somebody an invite link" that could skip
that authz/authn step. That would solve the problem. eg. LDAP restrictions
on (making this up:) live.bh.a.o/signup/ and open for live.bh.a.o/invite/
Potentially downside is volume of span invite requests that need to get
dealt with by a human.
reCapture style service integration would limit automated signups to
prevent spam. This could be combined with above approaches.
--
--
Ticket URL:
<https://live.bloodhound.apache.org/bloodhound/products/BHD/ticket/859#comment:1>
Bloodhound Live <https://live.bloodhound.apache.org/bloodhound>
