From: Ernesto Baschny
To: List for Core-/Extension development
Date: Wed, 9 Jun 2004 11:06:53 +0200 (CEST)
Subject: Re: [Typo3-dev] security suggestion for tipafriend ext

Hi!

On Wed, 9 Jun 2004, Andreas Otto wrote:

> On Tuesday 08 June 2004 23:55, Kasper Skårhøj wrote:
> > I don't think the session thing here improves anything - after all a
> > spammer wouldn't accept cookies and thus no sessions...
>
> Well, this depends on how you utilise the native PHP session functions. AFAIK
> Chi Hoang is using native sessions in his improvements.
> And because he is using native sessions no cookies will be needed if you
> enable session.use_trans_sid in the php.ini.

Which still doesn't avoid the spam problem, since you can't prevent someone from just stripping the session-id from the GET-parameter (which is where it will be placed in case of use_trans_sid).

It is not possible to maintain a session if the user doesn't want it, so I don't think this is a good solution to the problem.

You could always keep track of the poster's IP and limit by IP, but this can also be circumvented (switching IPs, using thousands of proxies, etc.).
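
The limitation discussed in the message above, as an added example that is not part of the original post or of the tipafriend extension: a Python model of a send limit keyed on the session id versus the client IP, replayed over constructed traffic. `LIMIT`, `SendLimiter`, `simulate` and the `TRAFFIC` samples are assumptions made for illustration.

```python
import secrets
from collections import Counter

LIMIT = 3  # assumed quota: mails one key may send (constructed value)


class SendLimiter:
    """Counts accepted sends per key and refuses once a key reaches LIMIT."""
    def __init__(self):
        self.counts = Counter()

    def allow(self, key):
        if self.counts[key] >= LIMIT:
            return False
        self.counts[key] += 1
        return True


def simulate(requests, key_on):
    """Replay constructed (ip, returns_sid) requests against a fresh limiter.
    returns_sid: whether the client sends back the session id it was given
    (cookie or GET parameter). Returns (accepted_sends, distinct_keys_seen)."""
    limiter = SendLimiter()
    sid_for_client = {}  # session id each client currently holds, by ip
    accepted = 0
    for ip, returns_sid in requests:
        if key_on == "session":
            sid = sid_for_client.get(ip) if returns_sid else None
            if sid is None:
                # No sid presented: the server can only start a new session.
                sid = secrets.token_hex(8)
                sid_for_client[ip] = sid
            key = "sid:" + sid
        else:
            key = "ip:" + ip
        accepted += limiter.allow(key)
    return accepted, len(limiter.counts)


# Constructed traffic, 10 form submissions each (documentation address ranges).
TRAFFIC = {
    "cooperative": [("192.0.2.10", True)] * 10,    # keeps its session id
    "strips sid": [("192.0.2.10", False)] * 10,    # drops the id every time
    "many sources": [(f"198.51.100.{i}", False) for i in range(1, 11)],
}

if __name__ == "__main__":
    for name, reqs in TRAFFIC.items():
        print(name, simulate(reqs, "session"), simulate(reqs, "ip"))
```

The second number in each result is the count of distinct keys the limiter saw; when it grows as fast as the number of submissions, the key is not under the server's control and the quota is not binding.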