[aur-dev] cookies + suspended account

canyonknight canyonknight at gmail.com
Thu Feb 28 20:41:19 EST 2013


On Wed, Feb 27, 2013 at 5:26 PM, Alexander Rødseth <rodseth at gmail.com> wrote:
> Hi,
>
>
> 2013/2/27 Angel Velásquez <angvp at archlinux.org>:
>> For solving the problem right now -quick and dirty-, we just have to
>> add a validation (tsk tsk anyone who wants to sum contributions can
>> code this silly patch), if the user is suspended don't let him flag
>> the package and actually redirect him to the logout page (to kill
>> those cookies).
>
> Wouldn't he/she/they be able to just register more accounts and
> continue flagging packages this way?

Yes, a malicious user would be able to evade suspension by registering
new accounts. In my opinion, those situations call for IP banning.

