From: Rainer Jung
Date: Tue, 22 May 2012 23:25:21 +0200
To: dev@httpd.apache.org, docs@httpd.apache.org
Subject: Re: Comment system, take two

=== Sorry, sent again, because I forgot the docs list ===

On 21.05.2012 23:04, Daniel Gruno wrote:
> In light of recent concerns about the Disqus system, I've taken it upon
> myself to figure out an alternative we can use for adding comments to
> our pages. And so, through the better half of a day, I worked on
> creating a new system that is without any evil tracking mechanisms of
> any sort except for what people themselves will allow - that is, only
> information that is willingly entered will be stored, no IPs or such.

Great!

> The result (thus far) can be seen at a small test page I made for the
> http project at http://c.apaste.info/httpd.html - feel free to give it a
> test spin and see what you like.

I like it. +1

Concerning production readiness, some points come to mind:

- Did you pay attention to escaping problematic input? I saw some
  escaping, but didn't thoroughly test it. We don't want XSS and such.

- Is there some safety against brute force password hacking for the
  registered people, especially the moderators? E.g. locking accounts
  after a few wrong passwords.

- Since we want to host it later inside ASF infra: what are the infra
  requirements? It seems the server part is written in Lua? Is it based
  on httpd 2.4 with mod_lua, or just Lua in CGI scripts or similar?

Thanks!

Rainer