X-Original-To: pgsql-www-postgresql.org@localhost.postgresql.org Received: from localhost (av.hub.org [200.46.204.144]) by svr1.postgresql.org (Postfix) with ESMTP id 67400D78B6 for ; Thu, 17 Nov 2005 12:18:40 -0400 (AST) Received: from svr1.postgresql.org ([200.46.204.71]) by localhost (av.hub.org [200.46.204.144]) (amavisd-new, port 10024) with ESMTP id 58506-06 for ; Thu, 17 Nov 2005 16:18:38 +0000 (GMT) X-Greylist: from auto-whitelisted by SQLgrey- Received: from anchor-post-30.mail.demon.net (anchor-post-30.mail.demon.net [194.217.242.88]) by svr1.postgresql.org (Postfix) with ESMTP id 9319ED7003 for ; Thu, 17 Nov 2005 12:18:37 -0400 (AST) Received: from mailgate.vale-housing.co.uk ([194.217.48.34] helo=vale-housing.co.uk) by anchor-post-30.mail.demon.net with esmtp (Exim 4.42) id 1EcmT5-000L4Y-3B for pgsql-www@postgresql.org; Thu, 17 Nov 2005 16:18:36 +0000 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0 Subject: Re: Broken? http://www.postgresql.org/about/ Date: Thu, 17 Nov 2005 16:18:37 -0000 Message-ID: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: [pgsql-www] Broken? http://www.postgresql.org/about/ Thread-Index: AcXrkb8HQAt79i5KSyywOmN/jtAXlgAAEegA From: "Dave Page" To: "Robert Treat" Cc: , X-Virus-Scanned: by amavisd-new at hub.org X-Spam-Status: No, score=0.25 required=5 tests=[AWL=0.250] X-Spam-Score: 0.25 X-Spam-Level: X-Archive-Number: 200511/120 X-Sequence-Number: 8835 =20 > -----Original Message----- > From: Robert Treat [mailto:xzilla@users.sourceforge.net]=20 > Sent: 17 November 2005 16:12 > To: Dave Page > Cc: gevik@xs4all.nl; pgsql-www@postgresql.org > Subject: Re: [pgsql-www] Broken? http://www.postgresql.org/about/ >=20 > On Thu, 2005-11-17 at 05:28, Dave Page wrote: > > BTW, how goes the form submission verification? > >=20 >=20 > I heard an interesting twist on this... rather than doing image > verification, you instead reject submissions that come from page that > don't contain a postgresql.org refferrer on the submission page. The > idea being the spam bots post directly to the submission=20 > page, but users > navigate thier way into the page. simple (and transparent to the user) > but apparently very effective for some folks that have=20 > implemented it.=20 Sounds like a good idea, except legitimate clients might not send it (I don't know off-hand if any do offer a way to stop it, but it seems like a sensible privacy option). Also I imagine it would be really easy to add it to the spam bots, so I doubt it'll be long before it stops working for them as well. Regards, Dave.