Introducing Diskuto - an embeddable comment system

Suliman via Digitalmars-d-announce digitalmars-d-announce at puremagic.com
Fri Mar 17 10:30:00 PDT 2017


On Friday, 17 March 2017 at 16:42:28 UTC, Sönke Ludwig wrote:
> On 17.03.2017 at 16:42, cym13 wrote:
>> On Wednesday, 15 March 2017 at 02:14:34 UTC, Sönke Ludwig 
>> wrote:
>>> On 14.03.2017 at 21:56, Daniel Kozak via 
>>> Digitalmars-d-announce wrote:
>>>> On 14.3.2017 at 21:24, Sönke Ludwig via 
>>>> Digitalmars-d-announce wrote:
>>>>>
>>>>> Did you delete the comments yourself? The time limit for
>>>>> deletion/editing currently isn't enforced on the server 
>>>>> (ticket
>>>>> already open), so anyone can delete their own tickets 
>>>>> currently at any
>>>>> time.
>>>>>
>>>>> I've noted the other issues and will tackle those tomorrow.
>>>> I have deleted not only my comments, I can delete anyone's 
>>>> comment
>>>
>>> Okay, that was supposed to be implemented before 1.0.0, but 
>>> then I
>>> forgot about it:
>>> https://github.com/rejectedsoftware/diskuto/blob/d8376f3e54a03574f69af13a0b41b5e994b6ce44/source/diskuto/web.d#L107
>>>
>>
>> You'll also want a CSRF token for that, checking that the user 
>> is the
>> author isn't enough.
>
> True, I have that and some other standard measures planned, but 
> for now I wanted to concentrate on getting the general 
> functionality and layout done. On the "security" side, simple 
> moderation and registered user support is now in but still 
> needs some additions, and the spam filter integration still 
> needs a little work.
>
> IMO, those are the most important things for the start, because 
> realistically nobody is going to implement a CSRF attack 
> against this in the foreseeable future, and even if, the impact 
> would be extremely limited (since only posts of the last 15 
> minutes can be changed anyways).

Please add OAuth with Google instead of anti-spam. I really captcha 
and other stupid systems where the computer makes the decision 
whether I am human or not.

Also, auth with Telegram is a very good thing. I think it would 
be enough for 90% of users.
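
The three server-side checks raised in the quoted thread (authorship, the 15-minute edit window, and a CSRF token), combined in one delete decision. This is an added example, not part of the original message and not Diskuto's code; the function names, the session and comment layout, and the key are hypothetical.

```python
from __future__ import annotations

import hashlib
import hmac
import time

EDIT_WINDOW_SECONDS = 15 * 60          # the 15-minute limit mentioned in the thread
SERVER_KEY = b"constructed-demo-key"   # assumption: a per-deployment secret


def csrf_token(session_id: str) -> str:
    """Token bound to one session; sent in the form body, not as a cookie."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def may_delete(comment: dict, session: dict, submitted_token: str,
               now: float | None = None) -> tuple[bool, str]:
    """Decide on the server whether a delete request is allowed."""
    now = time.time() if now is None else now
    # 1. CSRF: the request must carry the token issued to this session,
    #    which a cross-site form cannot read or guess.
    expected = csrf_token(session["id"]).encode()
    if not hmac.compare_digest(expected, submitted_token.encode()):
        return False, "bad csrf token"
    # 2. Authorization: only the comment's author may delete it.
    if comment["author"] != session["user"]:
        return False, "not the author"
    # 3. Time limit: enforced here, not only in the client UI.
    if now - comment["posted_at"] > EDIT_WINDOW_SECONDS:
        return False, "edit window expired"
    return True, "ok"


def demo() -> list:
    # Constructed sample data for the example.
    t0 = 1_489_500_000.0
    comment = {"id": 1, "author": "alice", "posted_at": t0}
    alice = {"id": "sess-a", "user": "alice"}
    bob = {"id": "sess-b", "user": "bob"}
    return [
        may_delete(comment, alice, csrf_token("sess-a"), now=t0 + 60),
        may_delete(comment, bob, csrf_token("sess-b"), now=t0 + 60),
        may_delete(comment, alice, "", now=t0 + 60),
        may_delete(comment, alice, csrf_token("sess-a"), now=t0 + 16 * 60),
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```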

