<p>It's a very bad idea in 2018 to allow anonymous users to upload notes, especially given that notes don't have the same character limitation that other entities in OpenStreetMap.  Anybody on the internet could just start uploading gigabytes of garbage without even signing in.</p>
<p>Seems like it would be easy to overwhelm the OSM database servers using this attack vector, but I'm not about to try.  Please put an end to anonymous notes and comments before someone does try it.  Or at least implement a note creation rate limit or limit the size of the note (if it doesn't have these things already).</p>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">—<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/openstreetmap/openstreetmap-website/issues/1543#issuecomment-435042786">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/ABWnLSshWRNAZpX0Y_Mce0Og8ke1_v4lks5uqwDsgaJpZM4NcYws">mute the thread</a>.<img src="https://github.com/notifications/beacon/ABWnLYsklDDyO9Mjex6FKbz1OPB0GLd-ks5uqwDsgaJpZM4NcYws.gif" height="1" width="1" alt="" /></p>
<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/openstreetmap/openstreetmap-website","title":"openstreetmap/openstreetmap-website","subtitle":"GitHub repository","main_image_url":"https://assets-cdn.github.com/images/email/message_cards/header.png","avatar_image_url":"https://assets-cdn.github.com/images/email/message_cards/avatar.png","action":{"name":"Open in GitHub","url":"https://github.com/openstreetmap/openstreetmap-website"}},"updates":{"snippets":[{"icon":"PERSON","message":"@bhousel in #1543: It's a very bad idea in 2018 to allow anonymous users to upload notes, especially given that notes don't have the same character limitation that other entities in OpenStreetMap.  Anybody on the internet could just start uploading gigabytes of garbage without even signing in.  \r\n\r\nSeems like it would be easy to overwhelm the OSM database servers using this attack vector, but I'm not about to try.  Please put an end to anonymous notes and comments before someone does try it.  Or at least implement a note creation rate limit or limit the size of the note (if it doesn't have these things already)."}],"action":{"name":"View Issue","url":"https://github.com/openstreetmap/openstreetmap-website/issues/1543#issuecomment-435042786"}}}</script>
<script type="application/ld+json">[
{
"@context": "http://schema.org",
"@type": "EmailMessage",
"potentialAction": {
"@type": "ViewAction",
"target": "https://github.com/openstreetmap/openstreetmap-website/issues/1543#issuecomment-435042786",
"url": "https://github.com/openstreetmap/openstreetmap-website/issues/1543#issuecomment-435042786",
"name": "View Issue"
},
"description": "View this Issue on GitHub",
"publisher": {
"@type": "Organization",
"name": "GitHub",
"url": "https://github.com"
}
},
{
"@type": "MessageCard",
"@context": "http://schema.org/extensions",
"hideOriginalBody": "false",
"originator": "AF6C5A86-E920-430C-9C59-A73278B5EFEB",
"title": "Re: [openstreetmap/openstreetmap-website] Forbid anonymous comments for notes (#1543)",
"sections": [
{
"text": "",
"activityTitle": "**Bryan Housel**",
"activityImage": "https://assets-cdn.github.com/images/email/message_cards/avatar.png",
"activitySubtitle": "@bhousel",
"facts": [

]
}
],
"potentialAction": [
{
"name": "Add a comment",
"@type": "ActionCard",
"inputs": [
{
"isMultiLine": true,
"@type": "TextInput",
"id": "IssueComment",
"isRequired": false
}
],
"actions": [
{
"name": "Comment",
"@type": "HttpPOST",
"target": "https://api.github.com",
"body": "{\n\"commandName\": \"IssueComment\",\n\"repositoryFullName\": \"openstreetmap/openstreetmap-website\",\n\"issueId\": 1543,\n\"IssueComment\": \"{{IssueComment.value}}\"\n}"
}
]
},
{
"name": "Close issue",
"@type": "HttpPOST",
"target": "https://api.github.com",
"body": "{\n\"commandName\": \"IssueClose\",\n\"repositoryFullName\": \"openstreetmap/openstreetmap-website\",\n\"issueId\": 1543\n}"
},
{
"targets": [
{
"os": "default",
"uri": "https://github.com/openstreetmap/openstreetmap-website/issues/1543#issuecomment-435042786"
}
],
"@type": "OpenUri",
"name": "View on GitHub"
},
{
"name": "Unsubscribe",
"@type": "HttpPOST",
"target": "https://api.github.com",
"body": "{\n\"commandName\": \"MuteNotification\",\n\"threadId\": 225545260\n}"
}
],
"themeColor": "26292E"
}
]</script>