Open lfalvarez opened 9 years ago
Approaches which we could use to fix this problem:
API keys for individual messages? You have to obtain the key before displaying the form. This will double api requests and will get us into a semi-authenticated scheme I'm not very fond of. El mar 24, 2015 5:53 PM, "Luis Felipe Álvarez Burgos" < notifications@github.com> escribió:
Approaches which we could use to fix this problem:
- throttling http://django-tastypie.readthedocs.org/en/latest/throttling.html.
- Disable API by admin/superadmin.
— Reply to this email directly or view it on GitHub https://github.com/ciudadanointeligente/write-it/issues/623#issuecomment-85620055 .
do you have somewhere where to read? I wouldn't know how to do it
I just searched for ror api keys and these articules turned up: http://railscasts.com/episodes/352-securing-an-api?view=asciicast http://blog.joshsoftware.com/2014/05/08/implementing-rails-apis-like-a-professional/
They are on topic, but I haven't read in detail so I can't assure every recommendation is worth implementing. We can discuss further or maybe just implement the other approaches you were proposing.
Martín.
2015-03-24 18:44 GMT+00:00 Luis Felipe Álvarez Burgos < notifications@github.com>:
do you have somewhere where to read? I wouldn't know how to do it
— Reply to this email directly or view it on GitHub https://github.com/ciudadanointeligente/write-it/issues/623#issuecomment-85638203 .
Martín Szyszlican Desarrollo web usable y accesible martinszyszlican.com
And a bot can create several messages.