[openstreetmap/openstreetmap-website] Forbid anonymous comments for notes (#1543)

Bryan Housel notifications at github.com
Thu Nov 1 14:10:53 UTC 2018


It's a very bad idea in 2018 to allow anonymous users to upload notes, especially given that notes don't have the same character limitation that other entities in OpenStreetMap.  Anybody on the internet could just start uploading gigabytes of garbage without even signing in.  

Seems like it would be easy to overwhelm the OSM database servers using this attack vector, but I'm not about to try.  Please put an end to anonymous notes and comments before someone does try it.  Or at least implement a note creation rate limit or limit the size of the note (if it doesn't have these things already).

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/issues/1543#issuecomment-435042786
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20181101/487da41a/attachment.html>


More information about the rails-dev mailing list