On Friday, 17 March 2017 at 16:42:28 UTC, Sönke Ludwig wrote:
Am 17.03.2017 um 16:42 schrieb cym13:
On Wednesday, 15 March 2017 at 02:14:34 UTC, Sönke Ludwig wrote:
Am 14.03.2017 um 21:56 schrieb Daniel Kozak via Digitalmars-d-announce:
Dne 14.3.2017 v 21:24 Sönke Ludwig via Digitalmars-d-announce napsal(a):

Did you delete the comments yourself? The time limit for
deletion/editing currently isn't enforced on the server (ticket already open), so anyone can delete their own tickets currently at any
time.

I've noted the other issues and will tackle those tomorrow.
I have deleted not only my comments, I can delete enyone comment

Okay, that was supposed to be implemented before 1.0.0, but then I
forgot about it:
https://github.com/rejectedsoftware/diskuto/blob/d8376f3e54a03574f69af13a0b41b5e994b6ce44/source/diskuto/web.d#L107


You'll also want a CSRF token for that, checking that the user is the
author isn't enough.

True, I have that and some other standard measures planned, but for now I wanted to concentrate on getting the general functionality and layout done. On the "security" side, simple moderation and registered user support is now in but still needs some additions, and the spam filter integration still needs a little work.

IMO, those are the most important things for the start, because realistically nobody is going to implement a CSRF attack against this in the foreseeable future, and even if, the impact would be extremely limited (since only posts of the last 15 minutes can be changed anyways).

Please add oAuth with Google instead anti-spam. I really captcha end other stupid system where computer make decision enough am I human or no.

Also auth with Telegram is very good thing. I think it would enough for 90% of users.

Reply via email to