Topic: Censoring - Subscription emails & Send e-mail via forum
If censoring is enabled, should censoring be applied to subscription emails & 'Send e-mail via forum' function?
1 2008-03-31 22:43 (edited by qubertman 2008-04-02 00:40)
Re: Censoring - Subscription emails & Send e-mail via forum
qubertman, the super debugger.
Re: Censoring - Subscription emails & Send e-mail via forum
At the moment, the form for 'Send e-mail via forum' can be submitted remotely. Consequently, email flooding can still be achieved with an automated script, but at the specified email flood interval. Right? Should this be a concern?
Re: Censoring - Subscription emails & Send e-mail via forum
How do you propose we stop that?
Re: Censoring - Subscription emails & Send e-mail via forum
Sorry, I don't know. Is there a way to accept submissions from the site and block remote submissions? Perhaps there will be a captcha extension that can be used here.
Re: Censoring - Subscription emails & Send e-mail via forum
The reason I asked is that I can't think of a way to do so (short of a CAPTCHA, which would obviously be an extension), since there's no such thing as a "remote submission." The headers of any request can be faked and any hidden form fields, etc can be scraped. It's tough. 
Re: Censoring - Subscription emails & Send e-mail via forum
Why is form e-mail part of the core, and subforums not?
Re: Censoring - Subscription emails & Send e-mail via forum
Here is an idea. Also limit to the # of emails that can be sent per hour per user.
Re: Censoring - Subscription emails & Send e-mail via forum
orlandu63 wrote:
Why is form e-mail part of the core, and subforums not?
It's all a matter of opinion. For some people, subforums are necessary; for many basic forums, their needs are satisfied through categories and forums. On the other hand, many forums like having a simple, basic way for users to contact each other privately. Email satisfies that requirement.
Also, implementing subforums efficiently is a non-trivial task, whereas email is fairly simple. Thus, the code for subforums could end up complicating the core any place forums/categories are currently used.
qubertman wrote:
Here is an idea. Also limit to the # of emails that can be sent per hour per user.
That's done implicitly with the flood limit. One email per 60 seconds is 60 emails per hour; one email per 300 seconds is 12 emails per hour. Etc.
Re: Censoring - Subscription emails & Send e-mail via forum
Smartys wrote:
That's done implicitly with the flood limit. One email per 60 seconds is 60 emails per hour; one email per 300 seconds is 12 emails per hour. Etc.
True. However, with the additional setting plus the flood limit, you can have 60 seconds and limit to 10 emails per hour.
Re: Censoring - Subscription emails & Send e-mail via forum
Then set it to one every 360 seconds? 
It could be implemented as an extension, but personally, I think it's overkill for the core.