Security on an anonymous site

Still trying to get this one off the ground, sort of a self-assigned homework for my “crazy” artist friend. I told him I’d take the author and date tags off of the home page, but he’s wanting it to be completely anonymous, like you don’t even have to sign in to post… he’s a huge fan of 4chan. But that’s completely counterintuitive to everything I’ve been taught about best practices and one of the “core” features of Bonfire… so any thoughts on a forward-facing anonymous post module, is that just a huge security risk waiting to happen or am I being overly cautious… I’m still a self-taught newb and am trusting for the security, it’s very modular, but designed to function after you’ve logged in… not just here’s an open form on the home page, post whatever, but I guess all of the XSS filtering and such (like I know what I’m talking about) Bonfire would still take care of that, right… ?


:tup: for asking.

You’ve described a gift to hackers and I’d recommend dumping your crazy artist friend before he contaminates ALL your clients.

If you really must deal with him, use an account on a host which you do not use, as his invitation to hackers will cause the server to be quickly overwhelmed with malware.