Improvements implemented by now:

- Authorization and time limit (5min client facing, 15min server facing) are now enforced for editing and deleting comments
- The page must be queried first before any action is allowed (prevents trivial command line batch "attacks", as well as trivial spam automation)
- The main comment form is minimized by default (only the text area, single-line height)
- Maximum height of comments limited (will show scroll bars if exceeded)
- Temporal boosting limited to hours instead of days
- E-mail and website length limited
- Message contents don't overflow the content area
- Displayed comment count corrected
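The first two items above describe a server-side edit/delete check. The following is an added illustration of that policy, not the project's own code: it assumes an in-memory comment store, a token issued whenever the page is queried, and an injectable clock so the 5-minute client window and 15-minute server window can be exercised.

```python
import secrets
import time

CLIENT_EDIT_WINDOW = 5 * 60    # seconds: the UI stops offering edit/delete after this
SERVER_EDIT_WINDOW = 15 * 60   # seconds: the server still accepts a request until this


class CommentStore:
    """Minimal in-memory model of comments plus page-view tokens (assumed design)."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.comments = {}      # comment_id -> {"author", "created", "text"}
        self.view_tokens = {}   # token -> {"author", "issued"}

    def query_page(self, author):
        """Viewing the page issues a token; edit/delete requests must present it."""
        token = secrets.token_urlsafe(16)
        self.view_tokens[token] = {"author": author, "issued": self.clock()}
        return token

    def post(self, author, text):
        comment_id = len(self.comments) + 1
        self.comments[comment_id] = {"author": author, "created": self.clock(), "text": text}
        return comment_id

    def can_edit(self, comment_id, author, token):
        """Server-side authorization: the caller is the comment's author, holds a token
        issued by a page query for that same author, and is inside the server window."""
        comment = self.comments.get(comment_id)
        view = self.view_tokens.get(token)
        if comment is None or view is None:
            return False
        if view["author"] != author or comment["author"] != author:
            return False
        age = self.clock() - comment["created"]
        return 0 <= age <= SERVER_EDIT_WINDOW

    def ui_offers_edit(self, comment_id):
        """What the client shows: the control disappears after the shorter window."""
        comment = self.comments.get(comment_id)
        return comment is not None and self.clock() - comment["created"] <= CLIENT_EDIT_WINDOW

    def edit(self, comment_id, author, token, new_text):
        """Apply an edit only when the server-side check passes."""
        if not self.can_edit(comment_id, author, token):
            return False
        self.comments[comment_id]["text"] = new_text
        return True
```

A request without a token from a prior page query is rejected regardless of timing, which is what blocks a bare command-line loop from editing or deleting comments.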

Some changes may require Ctrl+F5 to refresh the cache.

Thanks to everyone who helped test the boundaries so far! This definitely sped up the initial finalization phase by a large margin. There are still some open points, but this gets close to being a complete product:

- Implement moderation (!) and user registration to avoid identity spoofing (pluggable source user database)
- Additional heuristics to prevent batch operations from a single client, possibly just showing a CAPTCHA for IPs that show a high frequency of operations on the same topic(s)
- Work out how to best limit the visual or functional nesting level of comments
- Translations to more languages