Ticket #391 (closed enhancement: fixed)

Opened 5 years ago

Last modified 4 years ago

PSE tracking, moderation and security

Reported by: chris Owned by: chris
Priority: major Milestone: PSE
Component: Live server Keywords:
Cc: jim, laura, ed Estimated Number of Hours: 0.0
Add Hours to Ticket: 0 Billable?: yes
Total Hours: 1.73

Description

This ticket is to track time spent on the Tracking, Moderation and Security discussion, which has a wiki page here: https://wiki.transitionnetwork.org/Sharing_Engine/Tracking,_Moderation_and_Security

Change History

comment:1 Changed 5 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.5
  • Total Hours changed from 0.0 to 0.5

comment:2 Changed 5 years ago by chris

  • Milestone changed from Phase 6 to PSE

Milestone changed to PSE

comment:3 Changed 5 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.23
  • Total Hours changed from 0.5 to 0.73

I did some more work on this wiki page:

https://wiki.transitionnetwork.org/index.php?title=Sharing_Engine%2FTracking%2C_Moderation_and_Security&action=historysubmit&diff=333&oldid=326

Which of these approaches (or a mixture of them) are we going to adopt for the widget?

  • HTML forms
  • Javascript write
  • Iframes

comment:4 Changed 5 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.75
  • Total Hours changed from 0.73 to 1.48

comment:5 Changed 5 years ago by jim

  • Add Hours to Ticket changed from 0.0 to 0.25
  • Total Hours changed from 1.48 to 1.73

Thanks Chris.

structure, iframes & js

Further to your research and documentation, the structure of the widget has been defined here: https://wiki.transitionnetwork.org/Sharing_Engine/Widget_structure

We're going for 'progressive enhancement', so the basic 'view' widget will just be an IFrame showing some information on TN.org. The 'Add your project' button will be a plain link that sends a user to TN.org to add their project. BUT if they have JavaScript enabled, they'll get a nice modal dialogue containing the widget, so they don't 'leave' the underlying page.

Devices/browsers that don't support iFrames will not be able to use the widgets.

Security & spam

Some basic CAPTCHA will be present on all entry forms, and all content posted through the widget must be moderated before going live. This may change in the beta/full version.

All widgets will send an ID to the site that will check they have permission to post through the widget. This is clearly basic security, and if it's not enough we can look at ajax requests that allow posts from an IP based on the referer HTTP header matching. Again, basic and easily beaten by someone wanting to get in, but then they'll hit the moderation.

Further beefing of security is probably beyond the scope of the alpha version, and might necessitate meatier coding/authentication.
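
The widget ID and Referer check described in comment 5, as an added example that is not part of the ticket or the project's code. The registry, widget IDs, hostnames and function names are assumptions, and Python is used only for illustration because the ticket does not name the server language.

```python
from urllib.parse import urlsplit

# Constructed registry (assumption): widget ID -> host the widget was issued for.
WIDGET_HOSTS = {
    "w-1001": "projects.example.org",
    "w-1002": "blog.example.net",
}


def referer_host(referer):
    """Return the lower-cased hostname of a Referer value, or None."""
    if not referer:
        return None
    try:
        host = urlsplit(referer.strip()).hostname
    except ValueError:  # e.g. a malformed bracketed IPv6 literal
        return None
    # Drop a trailing dot so "example.org." and "example.org" compare equal.
    return host.lower().rstrip(".") if host else None


def check_widget_post(widget_id, referer, registry=WIDGET_HOSTS):
    """Decide whether a widget submission may enter the moderation queue.

    Returns (accepted, reason). Accepted posts are only queued, never
    published here: both the ID and the Referer are supplied by the client,
    so moderation remains the control that decides what goes live.
    """
    expected = registry.get(widget_id)
    if expected is None:
        return (False, "unknown widget id")
    host = referer_host(referer)
    if host is None:
        return (False, "missing or unparseable referer")
    # Exact host comparison: a substring or prefix test would also accept
    # look-alike hosts such as projects.example.org.other.test.
    if host != expected:
        return (False, "referer host does not match widget")
    return (True, "queued for moderation")
```

Rejecting a missing Referer is a policy choice in this example; some browsers and proxies strip the header, so a deployment may prefer to queue those posts with a flag for the moderator.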

comment:6 Changed 4 years ago by chris

  • Status changed from new to closed
  • Resolution set to fixed

Closing this ticket as this has been resolved.
