On Thu, 2020-05-21 at 22:07 +0200, Toralf Förster wrote:
> On 5/21/20 11:43 AM, Michał Górny wrote:
> > On Thu, 2020-05-21 at 11:17 +0200, Toralf Förster wrote:
> > > On 5/21/20 10:47 AM, Michał Górny wrote:
> > > > TL;DR: I'm looking for opinions on how to protect goose from spam,
> > > > i.e. mass fake submissions.
> > >
> > > I'd combine IP-limits with proof-of-work.
> > > CAPTCHA should be the very last option IMO.
> >
> > To be honest, I don't see the point for proof-of-work if we have IP
> > limits.
>
> The POW has to be made for every submission and should (somehow) include the
> IP-address.
> So you have 2 barriers. None of both is perfect but their combination is
> expensive.

No, one of them is expensive while the other is completely covered by it.
I can't imagine requiring PoW that expensive that it would limit requests
more than a reasonable IP limiting.

-- 
Best regards,
Michał Górny
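
A sketch of the combination discussed in this thread, added here as an example; it is not part of any message above and is not goose's code. It shows a hashcash-style stamp that hashes in the client IP and the submission, checked ahead of a per-IP limit. All names (`solve`, `SubmissionGate`), the difficulty, the limit and the window are assumptions.

```python
import hashlib
import time

def _zero_bits(digest: bytes) -> int:
    """Number of leading zero bits in a digest."""
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def _stamp(ip: str, payload: bytes, nonce: int) -> bytes:
    # The client IP is hashed into the stamp, so work done for one
    # address is worthless when the submission arrives from another.
    body = hashlib.sha256(payload).hexdigest()
    return hashlib.sha256(f"{ip}|{body}|{nonce}".encode()).digest()

def solve(ip: str, payload: bytes, bits: int) -> int:
    """Client side: brute-force a nonce (about 2**bits hashes on average)."""
    nonce = 0
    while _zero_bits(_stamp(ip, payload, nonce)) < bits:
        nonce += 1
    return nonce

class SubmissionGate:
    """Server side: verify the PoW, reject replays, then apply the IP limit."""

    def __init__(self, bits=16, limit=2, window=86400):  # assumed values
        self.bits, self.limit, self.window = bits, limit, window
        self.accepted = {}   # ip -> timestamps of accepted submissions
        self.used = set()    # (ip, payload hash) pairs; expire these in real use

    def accept(self, ip, payload, nonce, now=None):
        now = time.time() if now is None else now
        if _zero_bits(_stamp(ip, payload, nonce)) < self.bits:
            return "bad-pow"
        key = (ip, hashlib.sha256(payload).hexdigest())
        if key in self.used:
            return "replay"
        recent = [t for t in self.accepted.get(ip, []) if now - t < self.window]
        if len(recent) >= self.limit:
            return "ip-limit"   # reached no matter how much work was spent
        self.accepted[ip] = recent + [now]
        self.used.add(key)
        return "ok"
```
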