On Fri, Jun 02, 2006 at 12:57:50PM +0100, Michael Rogers wrote: > Matthew Toseland wrote: > >Didn't work for me. No node named Big Brother was added to my routing > >table. And I have javascript enabled. > > Sorry, there was a field missing from the form - could you try it again? > > >But this should be solvable by reconfirming anything not from the proxy > >itself, right? > > Not sure if reconfirming will help; a script could submit the form and > then submit the confirmation a couple of seconds later. You need to put > something in the form that a script can't guess, eg a hidden field > containing a random number.
Wouldn't that require think-cash or something? A script can open the /darknet page in an iframe, submit the form, then submit the confirmation? So how do we prevent this? Think-cash? That's horrible. How do other projects prevent these sorts of dirty tricks? It must be a common problem for locally run web services? Or even for remotely run ones! > > Cheers, > Michael -- Matthew J Toseland - toad at amphibian.dyndns.org Freenet Project Official Codemonkey - http://freenetproject.org/ ICTHUS - Nothing is impossible. Our Boss says so. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: Digital signature URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20060602/a96d19a0/attachment.pgp>
