On Friday, 17 March 2017 at 16:42:28 UTC, Sönke Ludwig wrote:
Am 17.03.2017 um 16:42 schrieb cym13:
On Wednesday, 15 March 2017 at 02:14:34 UTC, Sönke Ludwig
Am 14.03.2017 um 21:56 schrieb Daniel Kozak via
Dne 14.3.2017 v 21:24 Sönke Ludwig via
I have deleted not only my comments, I can delete enyone
Did you delete the comments yourself? The time limit for
deletion/editing currently isn't enforced on the server
already open), so anyone can delete their own tickets
currently at any
I've noted the other issues and will tackle those tomorrow.
Okay, that was supposed to be implemented before 1.0.0, but
forgot about it:
You'll also want a CSRF token for that, checking that the user
author isn't enough.
True, I have that and some other standard measures planned, but
for now I wanted to concentrate on getting the general
functionality and layout done. On the "security" side, simple
moderation and registered user support is now in but still
needs some additions, and the spam filter integration still
needs a little work.
IMO, those are the most important things for the start, because
realistically nobody is going to implement a CSRF attack
against this in the foreseeable future, and even if, the impact
would be extremely limited (since only posts of the last 15
minutes can be changed anyways).
Please add oAuth with Google instead anti-spam. I really captcha
end other stupid system where computer make decision enough am I
human or no.
Also auth with Telegram is very good thing. I think it would
enough for 90% of users.