[development] access module

Balazs Dianiska csillagasz at gmail.com
Fri Aug 22 15:55:54 UTC 2008

> I wouldn't worry too much about misuse, since people could just visit the
> page hundreds of times anyway to achieve the same result - just make a post
> request to a javascript menu callback, and log from there.

I was concerned about that one could fabricate a post call and do it
programmaticaly. Having validation at least requires semi-real visits
from a JS capable browser and some automatization, which hopefully is
a little bit more difficult to do on large scale than the fabrication.

However it just dawned on me that I could just check for a session in
the callback code, which should prevent most fabrications to work.

Earnie: yes I looked at other alternatives, but none of them seems to
give me the simple output of the standard access module, just more
accurately (-bots).

Thanks for the feedback,

More information about the development mailing list