
July 28, 2005

Comments

Ayende Rahien

I can't wait. One question though, does it include the MT black list integration?

Michael K. Campbell

It doesn't. The big goal here was to re-architect to avoid the 2.1 bugs. That said, the re-architecture was also done with the express intention of being able to quickly integrate the MT Blacklist (and any other external resource) into future versions. If all goes well, I should have that functionality soon (i.e. next week). And because 2.8 moves everything out of the web.config, upgrading from 2.8 to 3.x will be super easy: just paste in the new .dlls, and then add in a directive telling ReverseDOS how often to pull in the MT blacklist.

Jamie Thingelstad

Hey, you spelled my name wrong. ;-) It's Thingelstad. MT blacklist integration will be AWESOME! Also, how about that Trusted URL feature?

Michael K. Campbell

Jamie, Man. I'm totally sorry about misspelling your name. Problem is I triple checked the spelling (but was focusing on the stad part). I've corrected the spelling. All 4 of the people that subscribe to my blog via aggregators will just have to pay the price of sucking it back in ;) As for the url thingy. I've actually given that some thought. The problem is that it's simply too easy for spammers to spoof the referral. Obviously, that's not an issue for referrer spammers, but for comment spammers, if they just make the referrer contain yoursite[/yourblog]/admin/, then they're in. At least, that was my thinking... And I then went on thinking of elaborate ways to bind to multiple events in the pipeline and delay 'response' etc. Then it dawned on me: If we say: JUST LET ANYTHING in the /admin/ directory skip processing, then we're fine. Who cares about the referrer. If the request is in /admin/ (or some other specified directory), the assumption is that any activity in there will be sanctioned by virtue of some authorization protocol/process. (And actually, I think this is more or less along the lines of how you talked about it anyhow -- I was just too busy thinking about it from my own perspective to hear). So yeah, I'll be adding it.
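
The trade-off discussed in the comment above, as an added example that is not part of the original thread and is not ReverseDOS code: a filter exemption keyed on the Referer header versus one keyed on the normalized request path. The function names, the `TRUSTED_PREFIXES` setting, the case-insensitive matching and the sample requests are assumptions made for illustration.

```python
import posixpath
from urllib.parse import unquote, urlsplit

# Assumed configuration: directories whose requests bypass spam filtering.
# Safe only if the application already enforces authorization there.
TRUSTED_PREFIXES = ("/admin/",)

def normalize_path(raw_target: str) -> str:
    """Decode and collapse the request path before any prefix comparison."""
    path = unquote(raw_target.split("?", 1)[0].split("#", 1)[0])
    path = path.replace("\\", "/")
    keep_slash = path.endswith("/")
    norm = posixpath.normpath("/" + path.lstrip("/"))  # resolves "..", ".", "//"
    if keep_slash and norm != "/":
        norm += "/"
    return norm.lower()  # assumption: the server matches paths case-insensitively

def skip_by_referrer(headers: dict) -> bool:
    """Rejected design: trusts a header whose value the client chooses."""
    return "/admin/" in urlsplit(headers.get("Referer", "")).path.lower()

def skip_by_path(raw_target: str) -> bool:
    """Adopted design: decide from the resource actually being requested."""
    return normalize_path(raw_target).startswith(TRUSTED_PREFIXES)

# Constructed requests: (request target, headers)
SAMPLES = [
    ("/blog/comments/post.aspx", {"Referer": "http://example.test/blog/admin/"}),
    ("/admin/EditPosts.aspx", {}),
    ("/admin/../comments/post.aspx", {}),
    ("/Admin/%2e%2e/comments/post.aspx", {}),
    ("/administrator/x.aspx", {}),
]

def evaluate(samples=SAMPLES):
    """Return (target, referrer_rule_skips, path_rule_skips) per request."""
    return [(t, skip_by_referrer(h), skip_by_path(t)) for t, h in samples]

if __name__ == "__main__":
    for target, by_ref, by_path in evaluate():
        print(f"{target:36} referrer-skip={by_ref!s:5} path-skip={by_path}")
```

Only the second sample is exempted by the path rule; the comparison runs on the normalized path so that a target which merely begins with the trusted directory's text, but resolves elsewhere, is still filtered.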
