Daemon News Ezine BSD News BSD Mall BSD Support Forum BSD Advocacy BSD Updates
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: random text in bug submission.

On 2005-04-08 13:27, Alan Larson <larson@xxxxxxxxxxxxxxxxx> wrote:
>>On Thu, Apr 07, 2005 at 04:56:11PM -0700, Alan Larson wrote:
>>> I entered the correct code, and it said it didn't match and
>>> refused to take my bug submission.
>>>
>>> What an annoyance.
>>>
>>> It showed the same code as a previous report, but did not accept
>>> the entry.
>>
>> I really don't understand this behaviour.  The image is called as a
>> volatile script (/cgi/sendpr-code.cgi?dummy) and sends no-cache
>> headers in the HTTP response.  There's no way that your browser
>> should have shown you the same code again.  What is it?

>>>   There really should be some "are you really a human" at that point --
>>
>> What?
>
> What I meant was that the failure to match error page should give
> another (presumably different) image to match so one could continue
> the submit process without loss of the information that had just been
> manually entered.
>
> Sort of a "second try".

This is a denial of service waiting to happen.  Unless, of course, there
is a severely limited number of allowed retries; in which case we're
back to solving the problem with having just one retry, and the caching
misbehavior you're seeing.