1 Reply by xorius

(9 replies, posted in Site Discussion)

I guess I would ask why? In theory, it would be safe / secure / anonymous. You have to remember fewer passwords, and this site would never ever see your authentication. It also wouldn't know your email address, only that you have been authenticated by a trusted third party for your specific account.

You as a user get to choose which 3rd parties you authenticate against as well, so you can avoid google or facebook if you don't trust them, and go with yahoo, or someone else who supports it.

Is your reaction based on superstition or is there some merit as to why you would dislike having that kind of integration?

Go to forum: Site Discussion

2 Reply by xorius

(9 replies, posted in Site Discussion)

Ok so, one thing to think about is using something like OpenID for authentication, you can tie a user account into facebook / google / yahoo for authentication. People don't need to remember an extra password, and their stuff is going to be way better at preventing bots than your stuff will. It is "supposedly" easy to set up as well.

Of course this still doesn't prevent actual people from logging in and spamming.

http://en.wikipedia.org/wiki/OpenID

Go to forum: Site Discussion

3 Reply by xorius

(9 replies, posted in Site Discussion)

They are breaking through CAPTCHA? yikes...

I suppose it's possible that it is just some low wage person hired to do it manually. Maybe you could ban specific offending IPs, assuming they are not using some crazy tunneling protocol.

There might be some email scanning software out there as well, that can check for spamlike content, maybe some sort of google gmail plugin?

I don't really have many suggestions on how to handle this sort of thing, I've not built a public web app before :-(

Go to forum: Site Discussion

4 Topic by xorius

(9 replies, posted in Site Discussion)

I got propositioned by some scam bot account today, here is its profile.

http://deckbox.org/users/ddona

It would be good to put a bot filter on the account creation page to prevent screen scraping bots from creating accounts and spamming us innocent users. The easiest thing to do would probably be to put in a CAPTCHA plugin, though I believe there are other more elegant solutions out there.

Go to forum: Site Discussion

5 Reply by xorius

(6 replies, posted in General Discussion)

Sounds like this belongs in feature requests!

Go to forum: General Discussion

6 Reply by xorius

(3 replies, posted in Site Discussion)

Thanks for your swift reply, looking forward to seeing it ^_^. Out of curiosity, how many people do you have working on this site?

Go to forum: Site Discussion

7 Reply by xorius

(150 replies, posted in Site Discussion)

So what is the progress on this? 2 years later.

Go to forum: Site Discussion

8 Topic by xorius

(3 replies, posted in Site Discussion)

Great work on the site, but right now it is pretty insecure, sending plain text passwords over the internet as well as personal information if you decide to create a profile.

SSL authentication shouldn't be incredibly hard to set up, assuming you are willing to pony up a couple hundred bucks for a properly signed SSL certificate. Verisign will back down in price a lot if you call them, and there are cheaper people out there too.

Thanks!

Go to forum: Site Discussion