problem is as follows, methinks:
when something fails auth, it still is saved to a reject file, just like
normal svn. the problem is that once something succeeds in auth, then
any rejects are automatically appended. now, we cant just get rid of rejects
in the event that someone mistypes their password or something, cause then
theyd lose all their changes. this leads to one of two possible solutions:
a) bind rejects to an ip. only merge in rejects from the same ip. (not as
good)
b) require auth before getting to edit page.
of the two, b seems much cleaner, and avoids the problem of merges even from
non-webpage edits.
-elf
On Sat, 16 Feb 2008, Jim Ursetto wrote:
This makes sense. However, since spam is apparently bypassing authorization
--the index page can't be edited anonymously--and also logging, I was concerned
there is a more critical underlying problem. It might even affect more than
the index page.
On 2/16/08, felix winkelmann <[EMAIL PROTECTED]> wrote:
Actually, why don't we simply disable web-editing of the index page?
It seems to be the only one that's heavily spammed, and it shouldn't
very often be modified by the casual user.
_______________________________________________
Chicken-users mailing list
Chicken-users@nongnu.org
http://lists.nongnu.org/mailman/listinfo/chicken-users
_______________________________________________
Chicken-users mailing list
Chicken-users@nongnu.org
http://lists.nongnu.org/mailman/listinfo/chicken-users
