On Sun, Oct 5, 2014 at 1:34 PM, Rob <robjo...@gmail.com> wrote: > Legend has it that on 05/10/2014 18:55, the fair wind whisper'd the > words of Stephan Beal: > > i.e. what i'm afraid of is that once you start hosting a repo with > > such an option for the registration page, some bot is going to come > > along, register himself, and start flooding your tickets and wiki > > pages with... whatever it is that bots fill tickets and pages > > with. > I think moderation can be helpful in this case, but it is a fairly > thin line. If registering is too easy (i.e. it has no captcha or has > something that can be defeated easily), bots might end up spamming the > repository as you said. If the registration is too hard (e.g. takes > too much time or is unsolvable), users are not going to register to > report bugs, contribute to the wiki, etc. > I can disable the self-register option, but in most cases, users would > rather self-register than contact me for a registration request.
An audio CAPTCHA is possible, but you would need help from a webserver to do this. Off hand, I can think of 2 options. 1. Have the webserver run Fossil as a CGI or SCGI, letting the webserver handle user management. This is the easiest. 2. Enhance Fossil to provide an encrypted copy of the "secret string" for use by the CGI/whatever that handles the audio CAPTCHA. (I can help with the encryption part.) And to have an alternate Javascript in the registration page that uses the CAPTCHA handling CGI/whatever instead of the auto-CAPTCHA. While the easiest way to handle a CAPTCHA would be to subscribe to one of the existing CAPTCHA services, you could do it by yourself. Maybe there are open source tools for implementing CAPTCHAs, but I don't know. If you decide to do it yourself, your CGI/whatever will need to generate some text, convert it to speech, send an audio file to the browser, then accept and verify the response. Your response handler will likely need to be tolerant of spelling variations. For the audio part, in the past (about 6 years ago) I have used eSpeak and Festival (both open source) for text-to-speech. As I recall, neither was hard to use. To avoid bots clever enough to have speech-to-text handling, I would suggest the generated audio describe something, including random details, then ask the user about 2 or 3 of the random details.
_______________________________________________ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
