Issue 2550919
Created on 2016-07-06 01:27 by rouilj, last changed 2019-11-09 05:44 by rouilj.
msg5764 |
Author: [hidden] (rouilj) |
Date: 2016-07-06 01:27 |
|
In https://hg.python.org/tracker/python-dev/rev/83477f735132
there is a patch for registration that requires a delay of at least 4
seconds between the time the form was generated and the time
the form was returned.
This is designed to catch fill-in attempts by bots.
Do we want to adopt this patch? Perhaps setting the delay time as a
config file parameter?
This seems to have worked well for them based on:
http://psf.upfronthosting.co.za/roundup/meta/issue105
(old comments but...)
|
msg6806 |
Author: [hidden] (rouilj) |
Date: 2019-11-09 05:36 |
|
Took the patch and adapted it to core. Both python 2 and 3 tests pass.
The original code wasn't catching exceptions that can come from
somebody hacking the opaque token. I think I am catching them all now.
Make the hidden field name different from Erik's code so in theory
both can live together.
Added registration_delay option in [web] section of config.ini. If set
to 0 delay check is disabled. If set > 0 it is the number of seconds of
delay. Default 4 seconds.
rev5973:fe334430ca07 for most of it with rev5974:98a8509ce45c
|
msg6807 |
Author: [hidden] (rouilj) |
Date: 2019-11-09 05:44 |
|
and rev5975:59842a3e8108 for the last component I hope.
|
|
Date |
User |
Action |
Args |
2019-11-09 05:44:29 | rouilj | set | messages:
+ msg6807 |
2019-11-09 05:36:56 | rouilj | set | keywords:
+ Effort-Medium, python3, python2, - Effort-Low assignee: rouilj messages:
+ msg6806 status: new -> fixed resolution: fixed |
2016-07-06 01:27:37 | rouilj | create | |
|