On 6/28/25 09:46, David Andrews via Mailman-Users wrote:
There is stuff about the "secret form?" would this work? If I
understand it, the IP must match. Then there is stuff about the life of
the form? Do both conditions have to be true.? Many of our users do not
return a form quickly, they are not that good with their assistive
technology! The writing suggests five seconds, that would never work
for us.
In mm_cfg.py, set
SUBSCRIBE_FORM_SECRET = 'some phrase'
where some phrase is anything you want that isn't obvious. This places a
hidden token in the subscribe form which is a hash of the phrase, the
current time and the IP that requested the form which has to validate
when the form is submitted.
Then set
SUBSCRIBE_FORM_MIN_TIME = seconds(number)
where is number is a number of seconds. You misunderstand this. It
doesn't say the form has to be submitted within that time. It says the
form can't be submitted within that time. I.e., you have to wait at
least that long before submitting the form.
This is not perfect, but the intent is to require first getting the form
and then delaying a bit to fill it out before submitting it to prevent
bots from submitting a canned form or getting the form and replying
immediately.
This may help.
--
Mark Sapiro <m...@msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
------------------------------------------------------
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
https://mail.python.org/archives/list/mailman-users@python.org/
Member address: arch...@jab.org