Closed deepend-tildeclub closed 1 year ago
Going to make changes.
I think this is pretty cool.
I can't speak a lot to the PHP code but it looks like we lock down the referrer to the expected http[s]://tilde.club/~$USERNAME to keep the sqlite DB from getting spammed or spoofed. Do we think that's enough? Is it possible for some joker to spoof the referrer and create fake DBs?
ETA: Oops, just saw this of course right after you closed it.
This will be resubmitted after some changes. So that's ok. As for the referrer, it's mostly there so people can't link to other users' guestbooks from their page.
And in turn it'll also make it so the database is only added to if the user exists. But yeah, I'm sure there is probably a way to spoof referrers. But I think it's a pretty small concern. Any ideas are welcome though.
Looking for input and maybe some people to contribute before I deploy this. I think a guestbook, especially where most sites don't want to have tracking statistics on them, is a great tool to know users are seeing your content.
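
The referrer check discussed in this thread, sketched as an added example (not code from this pull request): it compares parsed URL components instead of a string prefix and only accepts usernames that map to an existing account. The function name, the username pattern and the `$userExists` callback are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: returns the guestbook owner named by a Referer value,
// or null when the value is not a tilde.club user page for an existing account.
function guestbook_owner_from_referer(?string $referer, callable $userExists): ?string
{
    if ($referer === null || strlen($referer) > 2048) {
        return null;
    }
    $parts = parse_url($referer);
    if ($parts === false || !isset($parts['scheme'], $parts['host'], $parts['path'])) {
        return null;
    }
    // Compare parsed components, not a string prefix, so look-alike hosts fail.
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)
        || strtolower($parts['host']) !== 'tilde.club'
        || isset($parts['user']) || isset($parts['port'])) {
        return null;
    }
    // Assumed username rule (typical Unix account names); adjust to the host's policy.
    if (!preg_match('#^/~([a-z_][a-z0-9_-]{0,31})(?:/|\z)#', $parts['path'], $m)) {
        return null;
    }
    // Only accept names that map to a real account, so no database is
    // created for an arbitrary string taken from the header.
    return $userExists($m[1]) ? $m[1] : null;
}

// Constructed sample values; the account list stands in for a real lookup
// such as posix_getpwnam().
$accounts = ['alice', 'bob'];
$exists = fn(string $u): bool => in_array($u, $accounts, true);

$samples = [
    'https://tilde.club/~alice/guestbook.html',
    'http://tilde.club/~bob',
    'https://tilde.club/~nosuchuser/',
    'https://tilde.club.example.net/~alice/',
    'https://example.net/https://tilde.club/~alice',
    'https://tilde.club/~../etc/',
];
foreach ($samples as $s) {
    $owner = guestbook_owner_from_referer($s, $exists);
    printf("%-50s => %s\n", $s, $owner ?? 'rejected');
}
```

Because the Referer header is supplied by the client, a check like this scopes which guestbook an entry lands in and keeps databases from being created for non-existent users; it does not establish where the request really came from.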