Transition Technology: Ticket #391: PSE tracking, moderation and security

hours, totalhours changed

chris — Thu, 02 Feb 2012 11:57:10 GMT

hours changed from 0.0 to 0.5
totalhours changed from 0.0 to 0.5

Some initial thoughts have been added to the wiki:

https://wiki.transitionnetwork.org/index.php?title=Sharing_Engine/Tracking,_Moderation_and_Security&oldid=326

milestone changed

chris — Fri, 03 Feb 2012 11:10:48 GMT

milestone changed from Phase 6 to PSE

Milestone changed to PSE

hours, totalhours changed

chris — Fri, 03 Feb 2012 11:31:36 GMT

hours changed from 0.0 to 0.23
totalhours changed from 0.5 to 0.73

I did some more work on this wiki page:

https://wiki.transitionnetwork.org/index.php?title=Sharing_Engine%2FTracking%2C_Moderation_and_Security&action=historysubmit&diff=333&oldid=326

Which of these approaches (or a mixture of them) are we going to adopt for the widget?

HTML forms
Javascript write
Iframes

hours, totalhours changed

chris — Mon, 06 Feb 2012 11:48:41 GMT

hours changed from 0.0 to 0.75
totalhours changed from 0.73 to 1.48

I have done some research on iframes and written it up here:

https://wiki.transitionnetwork.org/index.php?title=Sharing_Engine/Tracking,_Moderation_and_Security&oldid=335#iframes

hours, totalhours changed

jim — Sun, 11 Mar 2012 20:44:17 GMT

hours changed from 0.0 to 0.25
totalhours changed from 1.48 to 1.73

Thanks Chris.

structure, iframes & js

Further to your research and documentation, the structure of the widget has been defined here: https://wiki.transitionnetwork.org/Sharing_Engine/Widget_structure

We're going for 'progressive enhancement', so the basic 'view' widget will just be an IFrame showing some information on TN.org. The 'Add your project' button will be a plain link that sends a user to TN.org to add their project. BUT if they have JavaScript? enabled, they'll get a nice modal dialogue containing the widget, so they don't 'leave' the underlying page.

Devices/browsers that don't support iFrames will not be able to use the widgets.

Security & spam

Some basic CAPTCHA will be present on all entry forms, and all content posted though the widget must be moderated before going live. This may change in the beta/full version.

All widgets will send an ID to the site that will check they have permission to post through the widget. This is clearly basic security, and if it's not enough we can look at ajax requests that allow posts from an IP based on the referer HTTP header matching. Again, basic and easily beaten by someone wanting to get in, but then they'll hit the moderation.

Further beefing of security is probably beyond the scope of the alpha version, and might necessitate meatier coding/authentication.

status changed; resolution set

chris — Tue, 29 Jan 2013 17:34:59 GMT

status changed from new to closed
resolution set to fixed

Closing this ticket as this has been resolved.