On 02/19/2011 11:21 AM, Richard Hipp wrote: > Out of curiosity, wouldn't bots be able to use the onClick JS on the > login page to automatically fill-in the captcha the same way people > do? > > > They could, but that have not been observed to do so. > > Perhaps the thing to do (for unauthenticated logins only) is recode all > <a href=>...</a> as <span class="..." href=..>...</span> and then have a > small bit of javascript that converts them all to <a> upon a single > button click. Then put a button at the top of the page that says > "Activate Hyperlinks". That button might also set a cookie that > automatically enables hyperlinks on subsequent pages.
As someone who may be indirectly responsible for the turmoil here, let me observe that we may be losing the thread. I'd be perfectly satisfied with the links hidden, and so on. I just wanted to be able to link directly to the zip's for the source. (I misunderstood, and turned on 'history' for 'nobody' by mistake.) I'd be perfectly satisfied if someone coming in from off site on a link to a zip were redirected to the login page - particularly if the download of the zip continued once they were past the captcha. The underlying problem that precipitated the situation was that if I posted a link to a zip, a user who followed the link would be greeted with a 'Forbidden' reply and no clue as to how to remedy the situation. -- 73 de ke9tv/2, Kevin _______________________________________________ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
