On 6/28/25 09:46, David Andrews via Mailman-Users wrote:

There is stuff about the "secret form?" would this work?  If I understand it, the IP must match. Then there is stuff about the life of the form?  Do both conditions have to be true.? Many of our users do not return a form quickly, they are not that good with their assistive technology!  The writing suggests five seconds, that would never work for us.


In mm_cfg.py, set

SUBSCRIBE_FORM_SECRET = 'some phrase'

where some phrase is anything you want that isn't obvious. This places a hidden token in the subscribe form which is a hash of the phrase, the current time and the IP that requested the form which has to validate when the form is submitted.

Then set

SUBSCRIBE_FORM_MIN_TIME = seconds(number)

where is number is a number of seconds. You misunderstand this. It doesn't say the form has to be submitted within that time. It says the form can't be submitted within that time. I.e., you have to wait at least that long before submitting the form.

This is not perfect, but the intent is to require first getting the form and then delaying a bit to fill it out before submitting it to prevent bots from submitting a canned form or getting the form and replying immediately.

This may help.

--
Mark Sapiro <m...@msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

------------------------------------------------------
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
   https://mail.python.org/archives/list/mailman-users@python.org/
Member address: arch...@jab.org

Reply via email to