March 16
On 16.03.2017 at 08:30, Sönke Ludwig wrote:
> On 15.03.2017 at 21:30, Nick Sabalausky (Abscissa) wrote:
>> Nice. The only example code uses diet templates though, how would one
>> embed this when not using diet?
>
> I'll add two more examples - one using only JavaScript to embed the
> comments, which also works for non-D applications, and one using
> `compileDietHTMLFile`, writing the HTML directly to an output range.

The latest version now offers three embedding modes:
https://github.com/rejectedsoftware/diskuto/tree/master/examples

User accounts and simple moderation are also supported now. The embed-diet example shows how this can be plugged in.
6 days ago
On Wednesday, 15 March 2017 at 02:14:34 UTC, Sönke Ludwig wrote:
> On 14.03.2017 at 21:56, Daniel Kozak via Digitalmars-d-announce wrote:
>> On 14.3.2017 at 21:24, Sönke Ludwig via Digitalmars-d-announce wrote:
>>>
>>> Did you delete the comments yourself? The time limit for
>>> deletion/editing currently isn't enforced on the server (ticket
>>> already open), so anyone can delete their own tickets currently at any
>>> time.
>>>
>>> I've noted the other issues and will tackle those tomorrow.
>> I have deleted not only my comments, I can delete anyone's comment
>
> Okay, that was supposed to be implemented before 1.0.0, but then I forgot about it:
> https://github.com/rejectedsoftware/diskuto/blob/d8376f3e54a03574f69af13a0b41b5e994b6ce44/source/diskuto/web.d#L107

You'll also want a CSRF token for that, checking that the user is the author isn't enough.
6 days ago
On 17.03.2017 at 16:42, cym13 wrote:
> On Wednesday, 15 March 2017 at 02:14:34 UTC, Sönke Ludwig wrote:
>> On 14.03.2017 at 21:56, Daniel Kozak via Digitalmars-d-announce wrote:
>>> On 14.3.2017 at 21:24, Sönke Ludwig via Digitalmars-d-announce wrote:
>>>>
>>>> Did you delete the comments yourself? The time limit for
>>>> deletion/editing currently isn't enforced on the server (ticket
>>>> already open), so anyone can delete their own tickets currently at any
>>>> time.
>>>>
>>>> I've noted the other issues and will tackle those tomorrow.
>>> I have deleted not only my comments, I can delete anyone's comment
>>
>> Okay, that was supposed to be implemented before 1.0.0, but then I
>> forgot about it:
>> https://github.com/rejectedsoftware/diskuto/blob/d8376f3e54a03574f69af13a0b41b5e994b6ce44/source/diskuto/web.d#L107
>>
>
> You'll also want a CSRF token for that, checking that the user is the
> author isn't enough.

True, I have that and some other standard measures planned, but for now I wanted to concentrate on getting the general functionality and layout done. On the "security" side, simple moderation and registered user support is now in but still needs some additions, and the spam filter integration still needs a little work.

IMO, those are the most important things for the start, because realistically nobody is going to implement a CSRF attack against this in the foreseeable future, and even if, the impact would be extremely limited (since only posts of the last 15 minutes can be changed anyways).
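The three server-side checks this exchange touches on (authorship, the 15-minute edit window, and a CSRF token), as an added example that is not part of the thread or of diskuto's code. It is written in Python rather than D; `Comment`, `csrf_token`, `may_delete`, the key and the session ids are hypothetical names and constructed values.

```python
import hashlib
import hmac
import time
from dataclasses import dataclass

EDIT_WINDOW = 15 * 60  # seconds; the 15-minute limit mentioned in the thread
SERVER_KEY = b"constructed-demo-key"  # assumption: per-deployment secret, never sent to clients


@dataclass
class Comment:  # hypothetical record, not diskuto's own type
    id: int
    author: str
    created: float  # Unix timestamp assigned by the server, not by the client


def csrf_token(session_id):
    """Token bound to one session; rendered into the page that shows the delete button."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def may_delete(comment, session_user, session_id, token, now=None):
    """Return (allowed, reason). All three checks run on the server."""
    now = time.time() if now is None else now
    expected = csrf_token(session_id).encode()
    # 1. CSRF: a cross-site request carries the victim's session cookie
    #    automatically, but not this token. Compare in constant time.
    if not hmac.compare_digest((token or "").encode(), expected):
        return False, "bad csrf token"
    # 2. Authorization: the session's user must be the comment's author.
    if comment.author != session_user:
        return False, "not the author"
    # 3. Time limit: enforced here, not only hidden in the client UI.
    if now - comment.created > EDIT_WINDOW:
        return False, "edit window expired"
    return True, "ok"


if __name__ == "__main__":
    c = Comment(id=1, author="alice", created=1000.0)  # constructed sample data
    good = csrf_token("sess-alice")
    print(may_delete(c, "alice", "sess-alice", good, now=1060))
    print(may_delete(c, "alice", "sess-alice", None, now=1060))
    print(may_delete(c, "mallory", "sess-mallory", csrf_token("sess-mallory"), now=1060))
    print(may_delete(c, "alice", "sess-alice", good, now=1901))
```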
6 days ago
On Friday, 17 March 2017 at 16:42:28 UTC, Sönke Ludwig wrote:
> On 17.03.2017 at 16:42, cym13 wrote:
>> On Wednesday, 15 March 2017 at 02:14:34 UTC, Sönke Ludwig wrote:
>>> On 14.03.2017 at 21:56, Daniel Kozak via Digitalmars-d-announce wrote:
>>>> On 14.3.2017 at 21:24, Sönke Ludwig via Digitalmars-d-announce wrote:
>>>>>
>>>>> Did you delete the comments yourself? The time limit for
>>>>> deletion/editing currently isn't enforced on the server (ticket
>>>>> already open), so anyone can delete their own tickets currently at any
>>>>> time.
>>>>>
>>>>> I've noted the other issues and will tackle those tomorrow.
>>>> I have deleted not only my comments, I can delete anyone's comment
>>>
>>> Okay, that was supposed to be implemented before 1.0.0, but then I
>>> forgot about it:
>>> https://github.com/rejectedsoftware/diskuto/blob/d8376f3e54a03574f69af13a0b41b5e994b6ce44/source/diskuto/web.d#L107
>>>
>>
>> You'll also want a CSRF token for that, checking that the user is the
>> author isn't enough.
>
> True, I have that and some other standard measures planned, but for now I wanted to concentrate on getting the general functionality and layout done. On the "security" side, simple moderation and registered user support is now in but still needs some additions, and the spam filter integration still needs a little work.
>
> IMO, those are the most important things for the start, because realistically nobody is going to implement a CSRF attack against this in the foreseeable future, and even if, the impact would be extremely limited (since only posts of the last 15 minutes can be changed anyways).

Please add OAuth with Google instead of anti-spam. I really captcha and other stupid systems where a computer makes the decision whether I am human or not.

Also, auth with Telegram is a very good thing. I think it would be enough for 90% of users.
6 days ago
On 17.03.2017 at 18:30, Suliman wrote:
> On Friday, 17 March 2017 at 16:42:28 UTC, Sönke Ludwig wrote:
>> On 17.03.2017 at 16:42, cym13 wrote:
>>> On Wednesday, 15 March 2017 at 02:14:34 UTC, Sönke Ludwig wrote:
>>>> On 14.03.2017 at 21:56, Daniel Kozak via Digitalmars-d-announce wrote:
>>>>> On 14.3.2017 at 21:24, Sönke Ludwig via Digitalmars-d-announce
>>>>> wrote:
>>>>>>
>>>>>> Did you delete the comments yourself? The time limit for
>>>>>> deletion/editing currently isn't enforced on the server (ticket
>>>>>> already open), so anyone can delete their own tickets currently at
>>>>>> any
>>>>>> time.
>>>>>>
>>>>>> I've noted the other issues and will tackle those tomorrow.
>>>>> I have deleted not only my comments, I can delete anyone's comment
>>>>
>>>> Okay, that was supposed to be implemented before 1.0.0, but then I
>>>> forgot about it:
>>>> https://github.com/rejectedsoftware/diskuto/blob/d8376f3e54a03574f69af13a0b41b5e994b6ce44/source/diskuto/web.d#L107
>>>>
>>>>
>>>
>>> You'll also want a CSRF token for that, checking that the user is the
>>> author isn't enough.
>>
>> True, I have that and some other standard measures planned, but for
>> now I wanted to concentrate on getting the general functionality and
>> layout done. On the "security" side, simple moderation and registered
>> user support is now in but still needs some additions, and the spam
>> filter integration still needs a little work.
>>
>> IMO, those are the most important things for the start, because
>> realistically nobody is going to implement a CSRF attack against this
>> in the foreseeable future, and even if, the impact would be extremely
>> limited (since only posts of the last 15 minutes can be changed anyways).
>
> Please add OAuth with Google instead of anti-spam. I really captcha and
> other stupid systems where a computer makes the decision whether I am human or not.
>
> Also, auth with Telegram is a very good thing. I think it would be enough for
> 90% of users.

The idea is to allow anonymous comments, at least if a site wants to support it, because that can often reduce the initial entry barrier considerably, even compared against a convenient OAuth login.

But the idea is that all kinds of authentication mechanisms can be plugged in using the relatively trivial `DiskutoUserStore` interface. So anyone can use their favorite means. I'd of course accept pull requests to include a range of default options, but I'll probably not have the time to do that myself.
6 days ago
On 03/16/2017 06:23 AM, Sönke Ludwig wrote:
>
> The latest version now offers three embedding modes:
> https://github.com/rejectedsoftware/diskuto/tree/master/examples
>
> User accounts and simple moderation are also supported now. The
> embed-diet example shows how this can be plugged in.

Nice. Very cool lib!
4 days ago
On Tuesday, 14 March 2017 at 11:17:57 UTC, Sönke Ludwig wrote:
> Any comments, suggestions and especially helping hands are highly appreciated!

Would be nice to undo/change votes. I accidentally clicked -1 and can't undo it.
2 days ago
On 19.03.2017 at 12:13, MrSmith wrote:
> On Tuesday, 14 March 2017 at 11:17:57 UTC, Sönke Ludwig wrote:
>> Any comments, suggestions and especially helping hands are highly
>> appreciated!
>
> Would be nice to undo/change votes. I accidentally clicked -1 and can't
> undo it.

Good point, I was a bit worried about this myself, and the fact that it directly occurred in practice suggests that this indeed needs to be improved.