httpd-dev mailing list archives

From Rainer Jung <>
Subject Re: Comment system, take two
Date Tue, 22 May 2012 21:25:21 GMT
=== Sorry, sent again, because I forgot the docs list ===

On 21.05.2012 23:04, Daniel Gruno wrote:
> In light of recent concerns about the Disqus system, I've taken it upon
> myself to figure out an alternative we can use for adding comments to
> our pages. And so, through the better half of a day, I worked on
> creating a new system that is without any evil tracking mechanisms of
> any sort except for what people themselves will allow - that is, only
> information that is willingly entered will be stored, no IPs or such.


> The result (thus far) can be seen at a small test page I made for the
> http project at - feel free to give it a
> test spin and see what you like.

I like it.


Concerning production readiness, some points come to mind:

- Did you pay attention to escaping problematic input? I saw some 
escaping, but didn't thoroughly test it. We don't want XSS and such.

- Is there some safety against brute force password hacking for the 
registered people, especially the moderators? E.g. locking accounts 
after a few wrong passwords.

- Since we want to host it later inside ASF infra: what are the infra 
requirements? It seems the server part is written in Lua? Is it based on 
httpd 2.4 with mod_lua, or just Lua in CGI scripts or similar?
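
An added example, not part of the original message or of the comment system's code: one way to do the account lockout asked about above, keyed only on the user name so it fits the "no IPs stored" design goal quoted earlier. The thresholds, the class and method names, and the in-memory store are assumptions made for illustration.

```python
import time
from dataclasses import dataclass, field

MAX_FAILURES = 5      # assumed threshold for "a few wrong passwords"
WINDOW_SECONDS = 900  # assumed: failures older than this are forgotten
LOCK_SECONDS = 900    # assumed: lock is temporary and expires by itself


@dataclass
class _State:
    failures: list = field(default_factory=list)  # times of recent failures
    locked_until: float = 0.0


class LoginThrottle:
    """Per-account lockout keyed by user name only; no IP is recorded."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock   # injectable so the logic can be tested
        self._accounts = {}   # hypothetical in-memory store

    def is_locked(self, user):
        # Call this before verifying the password to skip hashing work.
        st = self._accounts.get(user)
        return st is not None and self._clock() < st.locked_until

    def record(self, user, password_ok):
        """Record one attempt; return True only if the login may proceed."""
        now = self._clock()
        st = self._accounts.get(user)
        if st is not None and now < st.locked_until:
            return False  # locked: reject even a correct password
        if password_ok:
            self._accounts.pop(user, None)  # success clears the history
            return True
        if st is None:
            st = self._accounts[user] = _State()
        # Keep only failures inside the sliding window, then add this one.
        st.failures = [t for t in st.failures if now - t < WINDOW_SECONDS]
        st.failures.append(now)
        if len(st.failures) >= MAX_FAILURES:
            st.locked_until = now + LOCK_SECONDS
            st.failures.clear()
        return False
```

The lock expires without moderator action, so a locked-out user regains access after `LOCK_SECONDS`; a deployment with several server processes would need a shared store in place of the dictionary.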


