[webteam] auth idea
Peter Saint-Andre
stpeter at stpeter.im
Tue Jan 29 16:44:39 CST 2008
Matthew Wild wrote:
> On Jan 29, 2008 10:06 PM, Peter Saint-Andre <stpeter at stpeter.im> wrote:
>> That's basically what XEP-0070 defines. The problem is, there is a spam
>> attack: I write a bot that inputs your JID repeatedly and you receive
>> hundreds of verification requests in your Jabber client. Not good.
>
> But you would be keeping track of JIDs<->secret URLs already
> presumably, I can't see it would be hard to disallow more than one
> request on the same JID (in X amount of time)?
>
> This is how most websites currently work with email confirmations.
> Some give a secondary URL, a kind of "I don't want you to bother me
> again" one.
Ah, true.
Peter
--
Peter Saint-Andre
https://stpeter.im/
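
The limit discussed above (one verification request per JID per time window, plus a "don't bother me again" link), sketched as an added example that is not part of the original thread. The class name, the 600-second window, and the token scheme are assumptions.

```python
import hashlib
import hmac
import secrets
import time


class VerificationThrottle:
    # Per-JID limit on outgoing verification requests, with an opt-out link.
    def __init__(self, cooldown=600, clock=time.monotonic):
        self.cooldown = cooldown   # the "X amount of time" (value assumed)
        self.clock = clock
        self.state = {}            # bare JID -> [sha256(secret) or None, sent_at]
        self.opted_out = set()
        self._key = secrets.token_bytes(32)  # keys the opt-out tokens

    @staticmethod
    def bare_jid(jid):
        # Drop the resource so user@host/a and user@host/b share one bucket.
        # Lowercasing stands in for full JID normalization (a simplification).
        return jid.split("/", 1)[0].strip().lower()

    def _optout_token(self, bare):
        return hmac.new(self._key, bare.encode(), hashlib.sha256).hexdigest()

    def request(self, jid):
        """Return the two URL secrets to send, or None if nothing may be sent."""
        bare, now = self.bare_jid(jid), self.clock()
        entry = self.state.get(bare)
        if bare in self.opted_out or (entry and now - entry[1] < self.cooldown):
            return None
        secret = secrets.token_urlsafe(32)
        self.state[bare] = [hashlib.sha256(secret.encode()).hexdigest(), now]
        return {"confirm": secret, "optout": self._optout_token(bare)}

    def confirm(self, jid, secret):
        entry = self.state.get(self.bare_jid(jid))
        given = hashlib.sha256(secret.encode()).hexdigest()
        if not entry or entry[0] is None or not hmac.compare_digest(entry[0], given):
            return False
        entry[0] = None  # spent; sent_at stays, so the cooldown still holds
        return True

    def opt_out(self, jid, token):
        bare = self.bare_jid(jid)
        if not hmac.compare_digest(self._optout_token(bare).encode(), token.encode()):
            return False
        self.opted_out.add(bare)
        return True
```

The web form should show the same response whether or not `request` returned secrets, so the throttle does not reveal which JIDs were recently targeted.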