Editable Comments. Now some sites have solved this problem by having you log into the site
to post a comment. It works, but when most people are presented with the option
of 'registering' with a site, or not leaving a comment, the usually choose the latter.
I do this myself all the time. Over the past year of surfing I have not registered with
a single site to leave a comment. So what I wanted was a system where you could leave a comment,
and return to edit it at any later time, yet not require registration.
Here's the basic description of how it work. Once you post a comment, that comment
gets a unique ID. I take that ID and concatenate it with a secret string secret that only I know,
then get an MD5 hash of the string ID+secret. The cgi script that accepts your
initial comment returns to you a URL that's of the form:
http://bitworking.org/news/comments/1-3/e0fd9772343dde302f7d709a45856fa8b
Where '1-3' is the ID of the comment and 'e0fd9772343dde302f7d709a45856fa8b' is the md5 hash.
When you visit that URL Bulu gets an md5 hash of the ID+secret, and if that
calculated md5 matches the one in the URL then you are allowed to edit the comment.
Now you can bookmark this URL, and use this URL to edit the comment, and as long as you keep the URL a
secret, no one else can edit your comment.
It's actually pretty simple once you give up on the idea of registration. You see,
registration is really asking for more information than is necessary. All I want to
know is that if you try to edit a comment, you were the person that created that comment
to begin with. With registration, the server knows all the comments
you have ever left.
How secure is it? Well, the URL is travelling over the web in plaintext, and all you
need is the URL to edit any comment, so I wouldn't use this to secure the commenting
system on anything real important. However, this is just a weblog, so I believe that
the level of security provided is appropriate for the context.
Once I have this tested for a few more days I will make another release of Bulu.
Ever dropped a comment on a site and wished you could go back and fix that typo,
or maybe the next morning you regret the use of the 'bollocks', either way
what you want is editable comments, which Bulu, the software that runs this site, now supports. [BitWorking]
Very good way of doing it. It reminds me of the way you access your discussion threads on Quick Topic recommended by Jon Udell, where you can create your own discussion thread. Very clever idea.
8:09:26 PM  - See Also: Metadata Programming
|
