[cgiapp] CGI::Application wiki page SettingDropDownValues updated by BryanSmith

Brian Wightman MidLifeXis at wightmanfam.org
Fri Oct 26 08:56:37 EDT 2012


On Thu, Oct 25, 2012 at 4:58 PM, Ron Savage <ron at savage.net.au> wrote:

> > On 10/25/2012 10:51 AM, Brian Wightman wrote:
> >> Are we able to block this username (I know it won't be very effective)
> >> from doing any type of updates?  Perhaps just bit-bucketing them or
> >> blacklisting the IP for a period of time?
> >
> > I believe we have, or can have, root access on the server where the site
> > is hosted. So we have some options to block IPs at the OS or Apache
> > level.
>
> On 26/10/12 02:01, Mark Stosberg wrote:
> AFAIK, some ISPs, including Amazon, share IPs among many users, so
> blocking an IP is contentious.
>

I agree on the IP sharing concerns.  When done, I have seen it happen for a
limited time.  It would still have a potential impact on legitimate edits.


> > The application could be patched to ban this username as well.
>
> Could be done, but then he'd switch.
>
> I suggest disabling edits unless the user name is on a list. Then
> there's the chance the abuser would see legit edits and impersonate that
> user...
>

The suggestions I have seen so far (mine included) are easily
circumvented.  I am not certain how much coding is worth doing to only
raise the bar to such a low level.  If there is something to implement any
of the username suggestions already present in the software, it might be
worth turning on.  Anything requiring additional coding for minimal return,
IMO, is probably not worth the effort.

Just my $0.02.

--mlx

