One of the reasons for the OpenPBX.org project was to lower the barriers to entry for participation. I guess that adds additional frustration to this issue.
-Nate > -----Original Message----- > From: Daniel Swarbrick [mailto:[EMAIL PROTECTED] > Sent: Friday, August 04, 2006 5:15 PM > To: OpenPBX.org Developers Mailing List > Subject: Re: [Openpbx-dev] Trac spam > > > Nathan Hawkins wrote: > > Can we require a valid email address and a verification > through email > > before we enable a username/password? > > > > Something like subscribing to a mailing list? > > > > Trac permissions are set independently to Apache "htpasswd" > users, but > if the username matches up, permission is granted. Just take > away Trac > permission for "Anonymous" to open tickets or edit pages, and it then > forces somebody to have successfully logged in via HTTP basic auth. > > It means somebody will have to maintain the htpasswd file, or maybe > implement an automated signup procedure (with a captcha). I > don't think > the spambots will brute force a valid Apache username/password. > > Look at how FreeSWITCH do it - you can't even access Trac without a > username. Maybe a little bit extreme, but it is possible to configure > Trac to offer read-only access to unauthenticated users. > _______________________________________________ > Openpbx-dev mailing list > [email protected] > http://lists.openpbx.org/mailman/listinfo/openpbx-dev > _______________________________________________ Openpbx-dev mailing list [email protected] http://lists.openpbx.org/mailman/listinfo/openpbx-dev
