The Artima Developer Community
Sponsored Link

Ruby Buzz Forum
Comment Authentication Prototype

0 replies on 1 page.

Welcome Guest
  Sign In

Go back to the topic listing  Back to Topic List Click to reply to this topic  Reply to this Topic Click to search messages in this forum  Search Forum Click for a threaded view of the topic  Threaded View   
Previous Topic   Next Topic
Flat View: This topic has 0 replies on 1 page
Jon-Carlos Rivera

Posts: 28
Nickname: voxel
Registered: May, 2005

Jon-Carlos Rivera is a freelance developer in Red Bank, New Jersey
Comment Authentication Prototype Posted: Oct 13, 2005 1:48 PM
Reply to this message Reply

This post originated from an RSS feed registered with Ruby Buzz by Jon-Carlos Rivera.
Original Post: Comment Authentication Prototype
Feed Title: Vox Clandestina
Feed URL: http://www.voxclandestina.com/category/ruby/rss2
Feed Description: News, Patches, and Commentary from the edge of Ruby and Rails development
Latest Ruby Buzz Posts
Latest Ruby Buzz Posts by Jon-Carlos Rivera
Latest Posts From Vox Clandestina

Advertisement

I've built a prototype of the comment signature system discussed earlier. The prototype consists of an authentication server which anyone can register with and support on this blog for verifying signatures. So far it seems to work.

To gain the ability to sign comments:

  1. Add the following HTML to the head section of your homepage/weblog: <link rel="sigserver" href="http://simon.incutio.com/auth/confirm" />
  2. Create a comment authorisation account.
  3. Log in to your authorisation account and add the bookmarklet it provides you with to your browser.
  4. You can now sign a comment on this site (and any others that support the prototype) using the bookmarklet. You must activate it while looking at the entry page containing the 'Add Comment' form. The site will do the rest. Note that the bookmarklet will fill in the name, email and url fields on the form, saving you the hassle.

To add support for comment authentication to your own blog (assuming it uses PHP):

  1. Grab this file: sig-confirm.inc.php. It contains a function which can be used to confirm a signature. It requires IXR, which you can download from here.
  2. Make some minor modifications to your 'add comment' form, to make it compatible with the bookmarklet. You need to assign ID attributes to the input fields for name, email and URL of 'commentFormName', 'commentFormEmail' and 'commentFormURL' respectively. You also need to add a hidden field like this one: <input type="hidden" name="signature" id="commentSignature" value="" />
  3. Modify the code that processes the add comment form. If 'signature' is not an empty string, the comment has been signed so confirm the signature by calling the confirmSig() function (documentation of the arguments is included in the sig-confirm.inc.php file). If the function returns true, flag the comment as signed. I suggest doing this by saving the signature variable along with the rest of the comment.
  4. When displaying comments, be sure to visually indicate comments that are "signed".

The system is decentralised, so if you want to host your own authentication server rather than relying on mine feel free to grab the PHP code (warning: it's a bit of a mess) and use it as a starting point.

This is more of a proof of concept than anything else, so feedback and suggestions would be very welcome.

Incidentally, this isn't the first time this problem has been tackled. See here and here for details of a system that uses PGP to sign and verify comments.

Read: Comment Authentication Prototype

Topic: [WPF] Expert Needed For The API Formerly Known as Avalon Previous Topic   Next Topic Topic: Irony is not Dead

Sponsored Links



Google
  Web Artima.com   

Copyright © 1996-2019 Artima, Inc. All Rights Reserved. - Privacy Policy - Terms of Use