[geeklog-devtalk] Remote Authentication ;-)

[Michael Jervis]

> You could also make it a separate field.  I had suggested 

> allowing the GL admin control a list of sites that were 

> allowed to cross authenticate with theirs


Something I hand't forgotten, it's on my to-do list when the basic way the
remote authentication is done can work.

I think the problem with having it as a separate field, is as mentioned, all
the places you need to highlight that it's a separate user.


> Otherwise without explicit restrictions, our spammers could 

> quickly setup a geeklog site and visit every site out there 

> before we knew what hit us.


Spammers will have blogger.com, livejournal.com, typekey.com and loads of
geeklog instances to sign up for, which they will do eventualy. I've already
had some instances of profile spam on my site (Username: girlspissing
Homepage...)

But, their accounts will die as fast as their spam. And having to find a
site to register at will slow them down (I hope)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3030 bytes
Desc: not available
Url : <http://eight.pairlist.net/pipermail/geeklog-devtalk/attachments/20050203/41157867/attachment.bin>