more more!

hehe... I imagine there is a bunch more. Just need to get all this script kiddie stuff out of the way first.

fixed your last discovery at register page.

had some silliness going on that element's innerHTML was set to form's content.

previously i had just fixed to escape HTML in the form itself.

dig some more later. In the meantime, you guys should work on limiting cookie/referrer-less traffic to prevent DOS attacks and profile...

...view count gaming.

good thinking!

the chick with the top profile views on Plurk right now obviously gamed many of those. My profile views are proof of concept on that.

yep, i noticed that

YouTube had a big problem with video count view gaming. Not sure if they ever fixed it 100 percent. I know they did enough to keep the...

we have a framework for rate-limiting

...skiddies away though

yeh

we rate limited logins and registrations recently

so we can just reuse that stuff for profile views as well.

would have to see how your rate limiting is setup to really say much.

"we have a XSS lib in place" - amix

i am gonna query amix for more details about it

^^^ Thinks the rate-limiting out of the box solution might also be screwy based on that.

i know we added xss protection right at template level

but i did not examine it as i was working on something else

you guys also might want to talk to Steadfast about upgrading nginx. The change logs since 0.6.32 have a bunch of stuff in them.

we control the servers ourselves

Sweet...

thanks a lot for your suggestions Loren. we appreciate it

np