[okfn-discuss] CKAN getting spammed again
Rufus Pollock
rufus.pollock at okfn.org
Fri Feb 22 18:13:23 UTC 2008
Luis Villa wrote:
> I'm sort of surprised that there is no attempt to validate that the
> openid is associated with a human. It seems like that is step 1, and
> certainly part of good openid practice.
Just to be clear the spamming is current from 'non-logged in users' who
are just recorded as IP addresses and who do not have an Open ID
account. Currently we allowed editing by such users in the interests of
a preserving a very low barrier to participation.
That said I would note there is nothing to stop automated creation of
Open ID accounts -- the Open ID spec is very clear that it is not a
method for preventing the creation of 'spam' accounts, simply a 'better'
method of doing the authentication -- i.e. the process of saying "you
are X" (open id) is completely separate from the process of saying "X is
a spammer" (identity and attributes are distinct).
~rufus
More information about the okfn-discuss
mailing list