: Allowing users to post without logging in On Stackoverflow/Stackexchange, users are allowed to add posts without requiring login, just wondering what should be considered before allowing this kind
On Stackoverflow/Stackexchange, users are allowed to add posts without requiring login, just wondering what should be considered before allowing this kind behavior on a site?
Couple of things spring to mind...
Recording the users IP address
Limiting number of anonymous posts from a single IP
Are there any other things to consider?
More posts by @Samaraweera270
4 Comments
Sorted by latest first Latest Oldest Best
Depending upon what type of site you host and the content you allow within anonymous posts, you might find yourself dealing with botnets, spammers, and trolls hiding behind free proxies.
Requiring authentication and verifying the unique e-mail address provided on new account creation slows down most of the malicious activity... (and slowing it down is as much as you can hope for, really)
Preventing cross-site scripting attacks by "escaping" the contents (i.e. prevent any HTML/script being interpreted as such when you serve them back up) would help stop abuse.
Also, if you allow links in comments then including the rel="nofollow" HTML attribute negates the value of people doing so just to game search engines.
You could "teach" the site to filter out undesirable comments in the same way that modern email spam filtering works - see Paul Graham's writings on this.
The biggest thing that comes to mind is, "How are you going to handle moderation?" StackExchange avoids a lot of spam because it is self-moderated. However, if you don't allow your users to moderate or you don't have users willing to moderate, the onus falls on you. Moderation becomes much easier if you require authentication.
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.