On 17.03.2017 at 18:30, Suliman wrote:
On Friday, 17 March 2017 at 16:42:28 UTC, Sönke Ludwig wrote:
On 17.03.2017 at 16:42, cym13 wrote:
On Wednesday, 15 March 2017 at 02:14:34 UTC, Sönke Ludwig wrote:
On 14.03.2017 at 21:56, Daniel Kozak via Digitalmars-d-announce wrote:
On 14.3.2017 at 21:24, Sönke Ludwig via Digitalmars-d-announce wrote:


Did you delete the comments yourself? The time limit for
deletion/editing currently isn't enforced on the server (ticket
already open), so anyone can delete their own tickets currently at
any time.

I've noted the other issues and will tackle those tomorrow.
I have deleted not only my comments, I can delete anyone's comment.

Okay, that was supposed to be implemented before 1.0.0, but then I
forgot about it:
https://github.com/rejectedsoftware/diskuto/blob/d8376f3e54a03574f69af13a0b41b5e994b6ce44/source/diskuto/web.d#L107



You'll also want a CSRF token for that, checking that the user is the
author isn't enough.

True, I have that and some other standard measures planned, but for
now I wanted to concentrate on getting the general functionality and
layout done. On the "security" side, simple moderation and registered
user support is now in but still needs some additions, and the spam
filter integration still needs a little work.

IMO, those are the most important things for the start, because
realistically nobody is going to implement a CSRF attack against this
in the foreseeable future, and even if, the impact would be extremely
limited (since only posts of the last 15 minutes can be changed anyways).

Please add OAuth with Google instead of anti-spam. I really captcha and
other stupid systems where a computer decides whether I am human or not.

Also auth with Telegram is a very good thing. I think it would be enough for
90% of users.

The idea is to allow anonymous comments, at least if a site wants to support it, because that can often reduce the initial entry barrier considerably, even compared against a convenient OAuth login.

But the idea is that all kinds of authentication mechanisms can be plugged in using the relatively trivial `DiskutoUserStore` interface. So anyone can use their favorite means. I'd of course accept pull requests to include a range of default options, but I'll probably not have the time to do that myself.
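The point raised earlier in the thread (an author check alone does not stop a cross-site request, and the 15-minute edit window has to be enforced server-side) can be illustrated with a small server-side check. This is an added example, not Diskuto's own code; the secret, session ids and the comment record are constructed for the demonstration.

```python
import hmac
import hashlib
from typing import Tuple

# Constructed demo secret; a real deployment would load a random per-site key.
SECRET_KEY = b"constructed-demo-secret"
# The thread states that only posts from the last 15 minutes may be changed.
EDIT_WINDOW_SECONDS = 15 * 60

# Constructed comment record and a fixed "current time" for the demonstration.
NOW = 1_489_770_000.0
SAMPLE_COMMENT = {"id": 42, "author": "alice", "created": NOW - 5 * 60}


def csrf_token(session_id: str) -> str:
    """Derive a CSRF token bound to the caller's session.

    The browser sends the session cookie automatically on a cross-site
    request, but a forged form cannot contain this value, because the
    attacker's page never learns the victim's session id or the key.
    """
    return hmac.new(SECRET_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def can_delete(comment: dict, user_id: str, session_id: str,
               token: str, now: float) -> Tuple[bool, str]:
    """Decide whether a delete request is allowed. All three checks must pass.

    Returns (allowed, reason) so a handler can log why a request was refused.
    """
    # 1. CSRF: the submitted token must match the one derived from the session.
    #    compare_digest avoids leaking the token through timing differences.
    if not hmac.compare_digest(csrf_token(session_id), token):
        return False, "csrf"
    # 2. Authorization: only the author may delete their own comment.
    if comment["author"] != user_id:
        return False, "not-author"
    # 3. Time limit enforced on the server, not only hidden in the UI.
    if now - comment["created"] > EDIT_WINDOW_SECONDS:
        return False, "expired"
    return True, "ok"


if __name__ == "__main__":
    good = csrf_token("sess-alice")
    print(can_delete(SAMPLE_COMMENT, "alice", "sess-alice", good, NOW))
    # A cross-site request rides on alice's cookie but lacks her token:
    print(can_delete(SAMPLE_COMMENT, "alice", "sess-alice", "", NOW))
```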
