
Session
Protecting Your Open Discussion Forum
Jamie McCarthy, Programmer, Slashdot
Chris Nandor, Programmer, Slashdot
Track: Security
Date: Thursday, July 29
Time: 5:20pm - 6:05pm
Location: Salon I
Since open discussion makes a popular site more popular, every blogger and webmaster wants to invite public comments. From blogs, to corporate sites that have realized the power of community-building, to presidential candidates' campaign sites, open forums are all over the internet. And it's about damn time!
So now HTTP is the new SMTP -- with public commentary comes public abuse. If you're a programmer working on the next Orkut or LiveJournal, you should know how to fend off the hostiles with code.
McCarthy looks at the various issues related to unfriendly activity that a site open to the public will have to deal with:
"Crapflooding," or drowning your website in junk.
Distributed attacks that are YOUR problem, not your network administrator's.
Which jobs will your code delegate to paid staff, and which can your user community do?
What are the web's equivalents of buffer overruns -- the simple security mistakes you should avoid?
Escaping and stripping input text is harder than you think.
And more, including case studies from recent attacks on Slashdot and Movable Type. If we can survive them, you can too!
 © 2004, O'Reilly Media, Inc.