At 12:38 PM 6/28/2025, Mark Sapiro wrote:
On 6/28/25 09:46, David Andrews via Mailman-Users wrote:
There is stuff about the "secret form?" would
this work? If I understand it, the IP must
match. Then there is stuff about the life of
the form? Do both conditions have to be
true.? Many of our users do not return a form
quickly, they are not that good with their
assistive technology! The writing suggests
five seconds, that would never work for us.
In mm_cfg.py, set
SUBSCRIBE_FORM_SECRET = 'some phrase'
where some phrase is anything you want that
isn't obvious. This places a hidden token in the
subscribe form which is a hash of the phrase,
the current time and the IP that requested the
form which has to validate when the form is submitted.
Then set
SUBSCRIBE_FORM_MIN_TIME = seconds(number)
where is number is a number of seconds. You
misunderstand this. It doesn't say the form has
to be submitted within that time. It says the
form can't be submitted within that time. I.e.,
you have to wait at least that long before submitting the form.
This is not perfect, but the intent is to
require first getting the form and then delaying
a bit to fill it out before submitting it to
prevent bots from submitting a canned form or
getting the form and replying immediately.
This may help.
Thanks!!!
Dave
--
Mark Sapiro <m...@msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
------------------------------------------------------
Mailman-Users mailing list --
mailman-users@python.org To unsubscribe send an
email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives:
https://www.mail-archive.com/mailman-users@python.org/
https://mail.python.org/archives/list/mailman-users@python.org/
Member address: dandrews...@comcast.net </x-flowed>
------------------------------------------------------
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
https://mail.python.org/archives/list/mailman-users@python.org/
Member address: arch...@mail-archive.com
