Modify

Opened 4 years ago

Closed 4 years ago

Last modified 4 years ago

#6996 closed enhancement (worksforme)

XmlRpcPlugin: Filter RPC calls considered as spam

Reported by: olemis Owned by: osimons
Priority: normal Component: XmlRpcPlugin
Severity: major Keywords: spam rpc
Cc: olemis, otaku42 Trac Release: 0.11

Description

Inspired on a previous experience @ TH.org.

I suppose this should be implemented in two phases:

  • Add support for filters in core
  • Implement a glue layer to reuse functionalities provided by third-party packages

but I am not sure because I am not very aware of current (anti-spam) support added by plugins.

Attachments (0)

Change History (5)

comment:1 Changed 4 years ago by olemis

  • Cc otaku42 added

comment:2 Changed 4 years ago by olemis

  • Summary changed from Filter XmlRpcPlugin calls considered as spam to XmlRpcPlugin: Filter RPC calls considered as spam

comment:3 Changed 4 years ago by osimons

This is a non-issue with current state of plugin as far as I can see. All wiki and ticket updates should be made on top of the Trac infrastructure, and not using direct model or database access. That means it will respect:

  • manipulators that may veto a change (such as spam filter plugin)
  • permissions in case fine-grained policies are added via plugins
  • (and make sure that listeners are aware of the update for notifications and similar)

That needs to be the model for all RPC methods makeing changes - behave just as if the input arrived from web.

comment:4 follow-up: Changed 4 years ago by osimons

  • Resolution set to worksforme
  • Status changed from new to closed

BTW: This site currently runs Trac 0.10.x and corresponding version of the plugin that has not seen changes for over 3 years...

I'm closing as 'worksforme' with 'upgrade' as recommended solution :-)

comment:5 in reply to: ↑ 4 Changed 4 years ago by olemis

Replying to osimons:

I'm closing as 'worksforme' with 'upgrade' as recommended solution :-)


Ok. I'll check out later what should be the errors reported by the plugin once a filter blocks a given RPC request . I suppose that not all anti-spam solutions are useful in this case (e.g. captchas for RPC ?) but that's part of the server configuration process and definitely something we shouldn't care about (unless it may cause conflicts e.g. all calls rejected because of missing captcha when that filter is used for wiki pages and tickets ?)

Add Comment

Modify Ticket

Action
as closed .
as The resolution will be set. Next status will be 'closed'.
to The owner will be changed from osimons. Next status will be 'closed'.
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.