Nathan Hawkins wrote: > Can we require a valid email address and a verification through email > before we enable a username/password? > > Something like subscribing to a mailing list? >
Trac permissions are set independently to Apache "htpasswd" users, but if the username matches up, permission is granted. Just take away Trac permission for "Anonymous" to open tickets or edit pages, and it then forces somebody to have successfully logged in via HTTP basic auth. It means somebody will have to maintain the htpasswd file, or maybe implement an automated signup procedure (with a captcha). I don't think the spambots will brute force a valid Apache username/password. Look at how FreeSWITCH do it - you can't even access Trac without a username. Maybe a little bit extreme, but it is possible to configure Trac to offer read-only access to unauthenticated users. _______________________________________________ Openpbx-dev mailing list [email protected] http://lists.openpbx.org/mailman/listinfo/openpbx-dev
