1 |
On Thu, 2020-05-21 at 22:07 +0200, Toralf Förster wrote: |
2 |
> On 5/21/20 11:43 AM, Michał Górny wrote: |
3 |
> > On Thu, 2020-05-21 at 11:17 +0200, Toralf Förster wrote: |
4 |
> > > On 5/21/20 10:47 AM, Michał Górny wrote: |
5 |
> > > > TL;DR: I'm looking for opinions on how to protect goose from spam, |
6 |
> > > > i.e. mass fake submissions. |
7 |
> > > > |
8 |
> > > |
9 |
> > > I'd combine IP-limits with proof-of-work. |
10 |
> > > CAPTCHA should be the very last option IMO. |
11 |
> > > |
12 |
> > |
13 |
> > To be honest, I don't see the point for proof-of-work if we have IP |
14 |
> > limits. |
15 |
> > |
16 |
> |
17 |
> The POW has to be made for every submission and should (somehow) include the IP-address. |
18 |
> So you have 2 barriers. None of both is perfect but their combination is expensive. |
19 |
|
20 |
No, one of them is expensive while the other is completely covered by |
21 |
it. I can't imagine requiring PoW that expensive that it would limit |
22 |
requests more than a reasonable IP limiting. |
23 |
|
24 |
-- |
25 |
Best regards, |
26 |
Michał Górny |