I think just restricting it to URLs in the Thousand Parsec wiki or
website would solve most of the problems.

To spam, a person would then need to do the following:
 1. Create an account on the wiki
 2. Create the spam page
 3. Start a server
 4. Get the server to register with the spam page

Which is probably beyond the scope of your average spammer. We will
probably have to deal with normal wiki spam in the future anyway.

Another way could be for the metaserver to understand which web page is
for what ruleset name (just a simple table in a database). That might
work for a temporary solution while our number of rulesets is in the
single or double digits.

Tim 'Mithro' Ansell

On Sun, 2007-06-10 at 20:00 -0700, Tyler wrote:
> This doesn't sound like too much of a potential security problem to
> me. If the URL (et al) is stored and served up by the metaserver, then
> it would be very simple to have the data be verified manually (by
> admins) when the server is registered. Alternatively, I can't imagine
> it would be too much work to verify the URL similar to the way many
> modern browsers check for suspicious sites - lists and/or Google's PR.
> Also a notice/warning could be tagged on saying that the user should
> be suspicious of any untrusted sites/links since they're not hosted by
> TP. A combination of these 3 seems most reasonable - automatic
> detection with manual override / approval, after which the warning
> could be removed. 
> 
> Or of course, we could only allow URLs to TP hosted info (limited to
> PDFs, wiki, etc?). Which now that I think about it, may have been what
> you were getting at ;P.
> 
> - Tyler
> 
> On 6/10/07, Sijmen Mulder <[EMAIL PROTECTED]> wrote:
>         Hi,
>         
>         I wonder whether that would be a security risk. If a server
>         could just give any URL, one could set up a server with the
>         sole purpose to redirect users to a malicious website.
>         Depending on what browser is used, this could give some
>         problems, or not?

<snip - Don't forget to trim your footers!>
> 

_______________________________________________
tp-devel mailing list
[email protected]
http://www.thousandparsec.net/tp/mailman.php/listinfo/tp-devel
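
An added example (not from the thread or the Thousand Parsec code base) of the restriction proposed in this message: the metaserver accepts a server-supplied URL only when it points at a TP-hosted site. The `ALLOWED_HOSTS` set and the function names are assumptions, and the sample URLs are constructed.

```python
from urllib.parse import urlsplit

# Assumption: hosts treated as "TP hosted". Only www.thousandparsec.net
# appears on this page; set this to the real wiki/website hosts.
ALLOWED_HOSTS = {"www.thousandparsec.net", "thousandparsec.net"}
ALLOWED_SCHEMES = {"http", "https"}


def is_tp_hosted(url):
    """Return True only if url is an http(s) link to an allowlisted host."""
    if not isinstance(url, str) or len(url) > 2048:
        return False
    # Control characters, whitespace and backslashes are parsed
    # differently by different clients, so refuse them outright.
    if any(c <= " " or c in "\x7f\\" for c in url):
        return False
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False
    # "user@host" is never needed here and can disguise the real host.
    if parts.username is not None or parts.password is not None:
        return False
    if port not in (None, 80, 443):
        return False
    # Exact match on the parsed host (already lower-cased by urlsplit);
    # substring or suffix checks would accept look-alike hosts.
    return (parts.hostname or "") in ALLOWED_HOSTS


# Constructed registrations a game server might submit.
SAMPLES = [
    "http://www.thousandparsec.net/tp/rulesets/example",
    "http://WWW.ThousandParsec.NET/tp/",
    "http://www.thousandparsec.net.evil.example/",
    "http://www.thousandparsec.net@evil.example/",
    "http://evil.example/?next=http://www.thousandparsec.net/",
    "//www.thousandparsec.net/wiki",
    "ftp://www.thousandparsec.net/file",
    "http://www.thousandparsec.net:8080/",
]


def check_samples():
    """Map each constructed sample URL to the validator's decision."""
    return {u: is_tp_hosted(u) for u in SAMPLES}
```

A host allowlist does not cover the remaining path listed in the message, a spam page created on the wiki itself; that still depends on wiki moderation.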