Forum/blogs access in eCommerce

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Forum/blogs access in eCommerce

Jacques Le Roux
Administrator
Is that normal you can access in write mode to forums and blogs in Ecommerce with admin login but not with DemoCustomer ?

Thanks

Jacques
Reply | Threaded
Open this post in threaded view
|

Re: Forum/blogs access in eCommerce

BJ Freeman
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- From a practical point of view, all blogs and forums should have a
Moderator for each, at the minimum. each Account must be logged in to post.
I would also put a rule in that the person posting must have purchase
and item, if they have a role of customer.
I say this because I run Forums and Blogs on Domains I have.
there is a block of  two class C servers that do nothing but spam Forums
and Blogs.
They hit them at the rate of every 4 min.
Though a .htaccess can block the IP's it is a lot of work to remove the
spam before you realize what the IP's are that are causing it.


Jacques Le Roux sent the following on 2/13/2009 11:38 PM:
> Is that normal you can access in write mode to forums and blogs in Ecommerce with admin login but not with DemoCustomer ?
>
> Thanks
>
> Jacques
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJlp9erP3NbaWWqE4RAhjfAJ9hiHjRYc0MhuDxn4R2DWvwS34iAQCfbns1
w4RNRl2yv97zp6X2hOnWmHM=
=vHrX
-----END PGP SIGNATURE-----
Reply | Threaded
Open this post in threaded view
|

Re: Forum/blogs access in eCommerce

Jacques Le Roux
Administrator
From: "BJ Freeman" <[hidden email]>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> - From a practical point of view, all blogs and forums should have a
> Moderator for each, at the minimum. each Account must be logged in to post.

OK, for blogs it makes sense to restrict access to owner. I remembered and used bigal login. There is currently a problem with forum
I guess related to r744418, I'm looking at that...

> I would also put a rule in that the person posting must have purchase
> and item, if they have a role of customer.
> I say this because I run Forums and Blogs on Domains I have.
> there is a block of  two class C servers that do nothing but spam Forums
> and Blogs.
> They hit them at the rate of every 4 min.
> Though a .htaccess can block the IP's it is a lot of work to remove the
> spam before you realize what the IP's are that are causing it.

Yes good idea, have you tried something already ?

Jacques

>
> Jacques Le Roux sent the following on 2/13/2009 11:38 PM:
>> Is that normal you can access in write mode to forums and blogs in Ecommerce with admin login but not with DemoCustomer ?
>>
>> Thanks
>>
>> Jacques
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFJlp9erP3NbaWWqE4RAhjfAJ9hiHjRYc0MhuDxn4R2DWvwS34iAQCfbns1
> w4RNRl2yv97zp6X2hOnWmHM=
> =vHrX
> -----END PGP SIGNATURE-----
>


Reply | Threaded
Open this post in threaded view
|

Re: Forum/blogs access in eCommerce

Jacques Le Roux
Administrator
In reply to this post by BJ Freeman
From: "BJ Freeman" <[hidden email]>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> - From a practical point of view, all blogs and forums should have a
> Moderator for each, at the minimum. each Account must be logged in to post.

OK, for blogs it makes sense to restrict access to owner. I remembered and used bigal login. I'm still unsure how to use forums, I
think we should facilitate the demonstration, but I'm maybe still missing something here

> I would also put a rule in that the person posting must have purchase
> and item, if they have a role of customer.
> I say this because I run Forums and Blogs on Domains I have.
> there is a block of  two class C servers that do nothing but spam Forums
> and Blogs.
> They hit them at the rate of every 4 min.
> Though a .htaccess can block the IP's it is a lot of work to remove the
> spam before you realize what the IP's are that are causing it.

Yes good idea, have you tried something already ?

Jacques

>
> Jacques Le Roux sent the following on 2/13/2009 11:38 PM:
>> Is that normal you can access in write mode to forums and blogs in Ecommerce with admin login but not with DemoCustomer ?
>>
>> Thanks
>>
>> Jacques
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFJlp9erP3NbaWWqE4RAhjfAJ9hiHjRYc0MhuDxn4R2DWvwS34iAQCfbns1
> w4RNRl2yv97zp6X2hOnWmHM=
> =vHrX
> -----END PGP SIGNATURE-----
>


Reply | Threaded
Open this post in threaded view
|

Re: Forum/blogs access in eCommerce

Jacques Le Roux
Administrator
In reply to this post by Jacques Le Roux
I should not have posted this msg. The problem is not related to forums. It's only related to to <form method="post" WIHT
enctype="multipart/form-data"  IN.
If you revet r744418 those forms works again (example : uploading an image for a product)

Jacques

From: "Jacques Le Roux" <[hidden email]>

> From: "BJ Freeman" <[hidden email]>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> - From a practical point of view, all blogs and forums should have a
>> Moderator for each, at the minimum. each Account must be logged in to post.
>
> OK, for blogs it makes sense to restrict access to owner. I remembered and used bigal login. There is currently a problem with
> forum I guess related to r744418, I'm looking at that...
>
>> I would also put a rule in that the person posting must have purchase
>> and item, if they have a role of customer.
>> I say this because I run Forums and Blogs on Domains I have.
>> there is a block of  two class C servers that do nothing but spam Forums
>> and Blogs.
>> They hit them at the rate of every 4 min.
>> Though a .htaccess can block the IP's it is a lot of work to remove the
>> spam before you realize what the IP's are that are causing it.
>
> Yes good idea, have you tried something already ?
>
> Jacques
>
>>
>> Jacques Le Roux sent the following on 2/13/2009 11:38 PM:
>>> Is that normal you can access in write mode to forums and blogs in Ecommerce with admin login but not with DemoCustomer ?
>>>
>>> Thanks
>>>
>>> Jacques
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.4.6 (MingW32)
>> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>>
>> iD8DBQFJlp9erP3NbaWWqE4RAhjfAJ9hiHjRYc0MhuDxn4R2DWvwS34iAQCfbns1
>> w4RNRl2yv97zp6X2hOnWmHM=
>> =vHrX
>> -----END PGP SIGNATURE-----
>>
>
>