Re: Wiki 2FA
From | Magnus Hagander |
---|---|
Subject | Re: Wiki 2FA |
Date | |
Msg-id | CABUevEzxhe9JJH9NASs=Se3zGW1pdH66iKY=JmfN3wGo9HP-vQ@mail.gmail.com |
In reply to | Re: Wiki 2FA (Greg Stark <stark@mit.edu>) |
Responses | Re: Wiki 2FA |
List | pgsql-www |
On Sat, Jan 23, 2016 at 10:43 PM, Greg Stark <stark@mit.edu> wrote:
> On Sat, Jan 23, 2016 at 8:41 PM, Magnus Hagander <magnus@hagander.net> wrote:
> > It does not protect against people signing up for multiple accounts. Unless
> > you were actually planning to send out hardware 2FA tokens to each actual
> > contributor, but I'm pretty sure you didn't mean that?
> We could put a captcha which would at least prevent spammers from
> scripting attacks. I'm not sure what type of spamming we've had. I
> expect we would still see one-off spam by humans though.
We have a captcha for account signups already. That increased the signup time by 30-45 seconds on average.
We also have a 7 day grace period, so new accounts could not use the wiki for 7 days. It took *exactly* 7 days before the spam started again.
To me it's pretty clear that it did not come from scripts. Another hint of that is that a couple of those "scripts" emailed us asking for us to let them bypass the 7 day grace period.