Comment 3 for bug 341935

Francis J. Lacoste (flacoste) wrote :

By a coincidence?, I received 20 bogus 'Launchpad: complete your registration.' yesterday night.

So I see what you mean. I see two things we could do to hinder the use of bots on that page:

1) Check the referer on the POST to be the actual form. If bots don't fake a sane referer by default, that would stop a few of them.

2) Use a nonce on the form, so that the bots would need to fetch the form and support cookies to register.

I think 2 is probably more robust than 1, but the former is a lot cheaper.

What do you think?
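
The two checks proposed in the comment above, shown together as an added example; it is not part of the original comment and not Launchpad's code. The form URL, key handling, lifetime and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time
from urllib.parse import urlsplit

SERVER_KEY = secrets.token_bytes(32)          # assumed per-deployment secret
FORM_URL = "https://example.test/register"    # constructed placeholder URL
NONCE_TTL = 900                               # assumed lifetime in seconds

def _tag(cookie, issued):
    return hmac.new(SERVER_KEY, f"{cookie}|{issued}".encode(), hashlib.sha256).hexdigest()

def issue_form(now=None):
    """On GET of the form: return (cookie value, hidden-field nonce)."""
    now = int(time.time() if now is None else now)
    cookie = secrets.token_urlsafe(16)
    return cookie, f"{now}.{_tag(cookie, now)}"

def referer_ok(referer):
    """Option 1: the POST must name the form page as its referer."""
    if not referer:
        return False
    got, want = urlsplit(referer), urlsplit(FORM_URL)
    return (got.scheme, got.netloc, got.path) == (want.scheme, want.netloc, want.path)

def nonce_ok(cookie, nonce, now=None):
    """Option 2: nonce must be fresh and bound to the cookie sent back."""
    now = int(time.time() if now is None else now)
    try:
        issued_s, tag = nonce.split(".", 1)
        issued = int(issued_s)
    except (AttributeError, ValueError):
        return False                          # missing or malformed nonce
    if not cookie or not 0 <= now - issued <= NONCE_TTL:
        return False
    # Stateless token: replayable until it expires. Strict single use
    # would need a server-side record of nonces already spent.
    return hmac.compare_digest(tag.encode(), _tag(cookie, issued).encode())

def accept_registration(headers, cookie, form):
    """Apply both checks to a registration POST; return (accepted, reason)."""
    if not referer_ok(headers.get("Referer")):
        return False, "bad referer"
    if not nonce_ok(cookie, form.get("nonce")):
        return False, "bad nonce"
    return True, "ok"
```
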