
Hardening article writing #25

Open
ctmbl opened this issue Nov 2, 2022 · 0 comments
Labels:
- Priority: Medium (The Issue must be addressed as soon as possible)
- Security issue (A potential security issue)
- Severity: Major (The bug or Issue prevent a feature from working or present a possible security issue)

Comments

@ctmbl
Contributor

ctmbl commented Nov 2, 2022

Context:
The blog as it has been released on v0.1.0 seems really vulnerable to DB filling to me.

Problem:
I didn't try it, but it shouldn't be impossible for anyone to write a simple Python script submitting millions of new articles, filling the iScsc database.
This also brought to my attention that at the moment nothing forbids a non-iScsc member from creating an account and writing a blog... not that we want to be sectarian, but that also means that anyone can write anything, potentially on a non-related subject or worse...

Solution:
First of all we should at least add a Captcha or something to prevent a bot from being able to submit an article.
Additionally, I would like to let only iScsc members write articles for the time being, for example with an iScsc badge added to the profile page, which I think would fit nicely into v0.2.0.
Later we should maybe add a review step by iScsc members for articles submitted by non-members, and limit pending articles to a reasonable number, once again to prevent DB filling.
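The three mitigations proposed in the issue (members-only authoring, a cap on pending articles per author, and a submission rate limit) can be expressed as one gate that runs before an article row is written. The code below is an added illustration, not code from the iScsc website project; the `Author`, `SubmissionGate` and policy constants are assumed names and values, and the in-memory counters stand in for whatever the real application stores in its database or cache.

```python
# Hypothetical submission gate illustrating the issue's proposed mitigations.
# Not the iScsc blog's own code; policy values below are assumed.
from collections import defaultdict, deque
from dataclasses import dataclass, field

MAX_PENDING_PER_AUTHOR = 5      # assumed: unreviewed articles one author may hold
MAX_SUBMISSIONS_PER_WINDOW = 3  # assumed: submissions allowed per sliding window
WINDOW_SECONDS = 3600           # assumed: sliding window length


@dataclass
class Author:
    name: str
    is_member: bool  # the "iScsc badge" from the issue


@dataclass
class SubmissionGate:
    # pending[author] = number of articles awaiting review
    pending: dict = field(default_factory=lambda: defaultdict(int))
    # recent[author] = timestamps of accepted submissions inside the window
    recent: dict = field(default_factory=lambda: defaultdict(deque))

    def check(self, author: Author, now: float):
        """Return (allowed, reason) without recording anything."""
        if not author.is_member:
            return False, "non-member"
        if self.pending[author.name] >= MAX_PENDING_PER_AUTHOR:
            return False, "pending-cap"
        window = self.recent[author.name]
        # Drop timestamps that have fallen out of the sliding window.
        while window and now - window[0] >= WINDOW_SECONDS:
            window.popleft()
        if len(window) >= MAX_SUBMISSIONS_PER_WINDOW:
            return False, "rate-limit"
        return True, "ok"

    def submit(self, author: Author, now: float):
        """Apply the gate; on success record the new pending article."""
        ok, reason = self.check(author, now)
        if ok:
            self.pending[author.name] += 1
            self.recent[author.name].append(now)
        return ok, reason

    def review(self, author_name: str):
        """A member reviewed (published or rejected) one article, freeing a slot."""
        if self.pending[author_name] > 0:
            self.pending[author_name] -= 1


def simulate_flood(gate: SubmissionGate, author: Author, count: int, start: float = 0.0):
    """Submit `count` articles one second apart; return how many were accepted.

    Models the 'simple script submitting millions of articles' scenario from
    the issue, so the caller can see how many rows such a script could create.
    """
    accepted = 0
    for i in range(count):
        ok, _ = gate.submit(author, start + i)
        accepted += 1 if ok else 0
    return accepted


if __name__ == "__main__":
    gate = SubmissionGate()
    print(gate.submit(Author("anon", is_member=False), 0.0))   # (False, 'non-member')
    print(simulate_flood(gate, Author("alice", True), 1000))   # 3: rate limit binds
```

The rate limit bounds how fast rows can be created; the pending cap bounds how many unreviewed rows one account can hold regardless of time, so a patient script still cannot fill the database once it owns the maximum number of pending articles. Both checks are cheap enough to run on every request and to log when they reject, which gives an easy signal for spotting abuse.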

@ctmbl ctmbl added the labels enhancement (New feature or request), help wanted (Extra attention is needed), Security issue (A potential security issue), Priority: Medium (The Issue must be addressed as soon as possible), and Severity: Major (The bug or Issue prevent a feature from working or present a possible security issue) on Nov 2, 2022
@ctmbl ctmbl added this to the iScsc blog v0.2.0 milestone Nov 2, 2022
@ctmbl ctmbl moved this to Backlog in iScsc website Nov 2, 2022
@ctmbl ctmbl removed the labels help wanted (Extra attention is needed) and enhancement (New feature or request) on Nov 14, 2022
@ctmbl ctmbl removed this from the iScsc blog v0.2.0 milestone Dec 16, 2022