[SAC] OSGeo Id creation disabled
Frank Warmerdam
warmerdam at pobox.com
Sat Apr 30 10:58:54 PDT 2016
Alex,
I can do that.
I have created ticket https://trac.osgeo.org/osgeo/ticket/1665 to
track my work today.
hmm, It appears I neglected to send this earlier today when I started
this work and it is now done, actually using Recaptcha:
https://www2.osgeo.org/cgi-bin/ldap_create_user.py
Best regards,
Frank
On Fri, Apr 29, 2016 at 8:24 PM, Alex Mandel <tech_dev at wildintellect.com> wrote:
> I just recalled something useful. It would be great if we could
> blacklist certain email domains. In particular yopmail and dayrep which
> are disposable email addresses (public readable, trashes all mail after
> 8 days) were used for many of the spam accounts recently. An email
> service like that is contradictory to being able to use email recover
> passwords when forgotten.
>
> Thanks,
> Alex
>
> On 2016-04-29 09:23, Alex M wrote:
>> Frank,
>>
>> I don't think there's a ticket yet. We should make those 2 items, 2
>> different tickets.
>>
>> Also I'll make a ticket for me, I'll attempt to spruce up the pages with
>> a little OSGeo branding to make them look less sketchy.
>>
>> Thanks,
>> Alex
>>
>> On 04/29/2016 09:18 AM, Frank Warmerdam wrote:
>>> Folks,
>>>
>>> I'm willing to update the LDAP account creation to require email
>>> validation. That is, I'll send out an email and they have to follow
>>> the link in the email to confirm before the account is actually
>>> created.
>>>
>>> Is there a SAC ticket on this? I should be able to do it today or tomorrow.
>>>
>>> I'll likely also try and put in place self-service password reset
>>> using a similar mechanism.
>>>
>>> Best regards,
>>> Frank
>>>
>>>
>>> On Thu, Apr 28, 2016 at 8:05 AM, Alex Mandel <tech_dev at wildintellect.com> wrote:
>>>> On 04/28/2016 08:04 AM, Alex Mandel wrote:
>>>>> On 04/28/2016 07:19 AM, Alex Mandel wrote:
>>>>>> On 04/28/2016 01:41 AM, Sandro Santilli wrote:
>>>>>>> On Wed, Apr 27, 2016 at 02:42:52PM -0700, Alex M wrote:
>>>>>>>
>>>>>>>> As a follow-up, we are now looking for someone who wants to improve our
>>>>>>>> creation system with Captcha, and/or email confirmation. If you think
>>>>>>>> you can build (or modify the existing) such a system to work with our
>>>>>>>> LDAP please contact the osgeo System Administration Committee (SAC).
>>>>>>>
>>>>>>> Should this part be sent on osgeo-discuss ?
>>>>>>
>>>>>> Maybe, all the people who run sites using this should be on the SAC
>>>>>> list. We could add a link to the maintenance page on how to contact SAC.
>>>>>>
>>>>>>> Anyway, what about doing something simple like asking to enter
>>>>>>> a number derived from some request headers ? Like the first
>>>>>>> 5 characters of the md5 of the remote ip ...
>>>>>>>
>>>>>>
>>>>>> Yes anything for now that is hard for a bot (since it might get
>>>>>> re-written). With a more robust solution later.
>>>>>>
>>>>>> Thanks,
>>>>>> Alex
>>>>>
>>>>> https://www.ldap-account-manager.org/lamcms/lamPro/features#selfService
>>>>>
>>>>> Of course the open source variant doesn't have the User Self service
>>>>> module...
>>>>>
>>>>> That's the only pre-built solution I've found so far with user
>>>>> self-registration, email verification and user self service password reset.
>>>>>
>>>>> Keep looking.
>>>>>
>>>>> Alex
>>>>
>>>>
>>>> Correction, also this
>>>> http://ltb-project.org/wiki/documentation/self-service-password
>>>>
>>>> But it's not clear it has a registration tool.
>>>>
>>>> Thanks,
>>>> Alex
>>>>
>
>
--
---------------------------------------+--------------------------------------
I set the clouds in motion - turn up | Frank Warmerdam, warmerdam at pobox.com
light and sound - activate the windows | http://pobox.com/~warmerdam
and watch the world go round - Rush | Geospatial Software Developer
More information about the Sac
mailing list