pldb icon indicating copy to clipboard operation
pldb copied to clipboard
verified publisher icon breck7

Spam / vandalism prevention

Open Wilfred opened this issue 3 years ago • 1 comments

It looks like you're allowing anyone to make changes to the site, and any user can impersonate anyone. I don't see anything obviously malicious, although changes like https://github.com/breck7/pldb/commit/2bdc8cda84b66fb3c8aef4637b696aee97c06917 look wrong.

Have you considered adding an authentication mechanism? Since the content is on GitHub, you could probably use that for auth.

Wilfred avatar Aug 27 '22 21:08 Wilfred

Yes, it's high on the todo list! I want to continue to allow anon commits (helpful when I'm on the go in a pinch), but want to set those aside for some manual review.

Should have it in shortly.

breck7 avatar Aug 27 '22 22:08 breck7

Thanks for bringing this up @Wilfred !

I did some work on this this morning (ad10ad50f448e8632bd84615501b02022606b599, caca8f5ddd32a9e349abd6224d59d8c889ab7fff, 009f06a27f52e1d9793b805da0a41b88b73ce85e) and also did a few simple things from an admin side so that if someone did want to vandalize, would be detected and reverted quickly with just a minor annoyance.

breck7 avatar Aug 30 '22 19:08 breck7