[Tracker-discuss] [issue105] Dealing with spam
Paul Dubois
metatracker at psf.upfronthosting.co.za
Thu Mar 22 01:56:18 CET 2007
Paul Dubois added the comment:
The tracker does not accept anonymous email submissions, and requires
mail confirmation for registration. There was no user-entered data
associated with the user before I retired it, other than name and the
yahoo address.
It is important in my mind that this discussion not focus just on the
"issues" and messages, since it is only a rogue user that can cause
trouble. If no rogue users get registered, no trouble. And a rogue
user can cause other trouble, not just spam.
Now in fact we don't have to give anonymous users ANY permissions,
including the ability to register. We could have them fill out an
application form, for example, that a human would review, or with the
character recognition stuff.
Here's some excepts from config.ini:
# Register new users instantly, or require confirmation via
# email?
# Allowed values: yes, no
# Default: no
instant_registration = no
# Offer registration confirmation by email or only through the web?
# Allowed values: yes, no
# Default: yes
email_registration_confirmation = yes
And from the security section of schema.py:
# Assign the appropriate permissions to the anonymous user's Anonymous
# Role. Choices here are:
# - Allow anonymous users to register
db.security.addPermissionToRole('Anonymous', 'Create', 'user')
# Allow anonymous users access to view issues (and the related, linked
# information)
for cl in 'issue', 'file', 'msg', 'severity', 'status', 'resolution':
db.security.addPermissionToRole('Anonymous', 'View', cl)
On 3/21/07, Richard Jones <metatracker at psf.upfronthosting.co.za> wrote:
>
> Richard Jones added the comment:
>
> I just had a look at the spam entry mentioned at the start of this issue (1002)
> and unfortunately it looks like the user record has been expired as I can't find
> out more detail.
>
> Does the tracker currently accept anonymous email submissions?
>
> It would seem that's the most likely vector for this submission since the
> incoming mail address is out in the wild.
>
> _______________________________________________________
> Meta Tracker <metatracker at psf.upfronthosting.co.za>
> <http://psf.upfronthosting.co.za/roundup/meta/issue105>
> _______________________________________________________
> _______________________________________________
> Tracker-discuss mailing list
> Tracker-discuss at python.org
> http://mail.python.org/mailman/listinfo/tracker-discuss
>
_______________________________________________________
Meta Tracker <metatracker at psf.upfronthosting.co.za>
<http://psf.upfronthosting.co.za/roundup/meta/issue105>
_______________________________________________________
More information about the Tracker-discuss
mailing list