On Friday, 17 March 2017 at 16:42:28 UTC, Sönke Ludwig wrote:
> On 17.03.2017 at 16:42, cym13 wrote:
>> On Wednesday, 15 March 2017 at 02:14:34 UTC, Sönke Ludwig wrote:
>>> On 14.03.2017 at 21:56, Daniel Kozak via Digitalmars-d-announce wrote:
>>>> On 14.3.2017 at 21:24, Sönke Ludwig via Digitalmars-d-announce wrote:
>>>>> Did you delete the comments yourself? The time limit for deletion/editing currently isn't enforced on the server (ticket already open), so anyone can delete their own tickets currently at any time.
>>>>>
>>>>> I've noted the other issues and will tackle those tomorrow.
>>>>
>>>> I have deleted not only my comments, I can delete anyone's comment
>>>
>>> Okay, that was supposed to be implemented before 1.0.0, but then I forgot about it:
>>> https://github.com/rejectedsoftware/diskuto/blob/d8376f3e54a03574f69af13a0b41b5e994b6ce44/source/diskuto/web.d#L107
>>
>> You'll also want a CSRF token for that, checking that the user is the author isn't enough.
>
> True, I have that and some other standard measures planned, but for now I wanted to concentrate on getting the general functionality and layout done. On the "security" side, simple moderation and registered user support is now in but still needs some additions, and the spam filter integration still needs a little work.
>
> IMO, those are the most important things for the start, because realistically nobody is going to implement a CSRF attack against this in the foreseeable future, and even if, the impact would be extremely limited (since only posts of the last 15 minutes can be changed anyways).

Please add OAuth with Google instead of anti-spam. I really captcha and other stupid systems where a computer makes the decision enough am I human or no.

Also auth with Telegram is a very good thing. I think it would be enough for 90% of users.
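
The three server-side checks raised in the quoted exchange above (CSRF token, author check, 15-minute limit), combined in one delete-authorization function. This is an added example, not part of the original posts and not diskuto's code; the dictionary fields, `SERVER_KEY`, and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

EDIT_WINDOW = 15 * 60                  # seconds; the 15-minute limit from the thread
SERVER_KEY = secrets.token_bytes(32)   # assumed per-deployment secret, never sent to clients


def csrf_token(session_id):
    """Token bound to one session; the server embeds it in its own delete form."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def may_delete(comment, session, token, now=None):
    """Return (allowed, reason). Every check runs on the server, per request."""
    now = time.time() if now is None else now

    # 1. CSRF: a request forged from another site rides on the victim's
    #    session cookie but cannot know the token tied to that session.
    expected = csrf_token(session["id"]).encode()
    supplied = (token or "").encode()
    if not hmac.compare_digest(expected, supplied):   # constant-time comparison
        return False, "bad csrf token"

    # 2. Authorship: only the comment's author may delete it
    #    (moderator roles are left out of this sketch).
    if comment["author"] != session["user"]:
        return False, "not the author"

    # 3. Time limit: enforced here, not only by hiding the button in the UI.
    if now - comment["posted_at"] > EDIT_WINDOW:
        return False, "edit window expired"

    return True, "ok"


if __name__ == "__main__":
    # Constructed sample data.
    session = {"id": "sess-a", "user": "alice"}
    comment = {"author": "alice", "posted_at": time.time() - 120}
    print(may_delete(comment, session, csrf_token("sess-a")))   # legitimate request
    print(may_delete(comment, session, ""))                     # forged request, no token
```
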