Our site has several weblogs. Some are private, hidden from public view with htaccess. I am adding our first public weblog that will accept comments, and I realize now that it will be quite easy to view comments on private weblogs by hacking mt-comments.cgi URLs.
(My problem is compounded by the fact that I am starting to use mt-comments.cgi instead of Individual Archives, i.e., including all entry data in the Comment Listing Template.)
Anyone have ideas on protecting these posts from public view? I don't know Perl, but looking at comments.pm I wonder if the following is possible: include blog_id in the URL; compare blog_id to $entry->blog_id; generate error message if they do not match. Then at least one would have to guess a valid entry ID for a blog ID in order to view comments on private weblogs.
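
The check proposed in the post, sketched as stand-alone Perl (an added example, not part of the original post and not Movable Type's own code). The `%ENTRY_BLOG` and `%PUBLIC_BLOG` tables, the function name and the sample IDs are constructed assumptions. The sketch goes one step beyond the post by also refusing any blog that is not on a public allowlist, because the match check alone still passes when both IDs belong to a private weblog.

```perl
#!/usr/bin/perl
# Added example: stand-alone sketch, not Movable Type code.
use strict;
use warnings;

# Constructed sample data: entry_id => blog_id the entry belongs to.
my %ENTRY_BLOG = (101 => 1, 102 => 1, 201 => 2, 202 => 2);

# Assumption: blog 1 is the public weblog, blog 2 is htaccess-protected.
my %PUBLIC_BLOG = (1 => 1);

# Returns (1, undef) if comments may be shown, (0, message) otherwise.
sub check_comment_request {
    my ($blog_id, $entry_id) = @_;

    # Both parameters must be present and plain positive integers.
    for my $v ($blog_id, $entry_id) {
        return (0, 'Invalid request')
            unless defined $v && $v =~ /\A[1-9][0-9]{0,9}\z/;
    }

    # The check from the post: the entry must belong to the blog named in
    # the URL. An unknown entry and a mismatched blog get the same message,
    # so the response does not reveal which entry IDs exist.
    my $owner = $ENTRY_BLOG{$entry_id};
    return (0, 'Invalid request')
        unless defined $owner && $owner == $blog_id;

    # Step beyond the post: only blogs on the public allowlist are served,
    # so a matching blog_id/entry_id pair for a private blog is still refused.
    return (0, 'Invalid request') unless $PUBLIC_BLOG{$blog_id};

    return (1, undef);
}

# Constructed requests: [blog_id, entry_id, description].
for my $req ([1, 101,     'public entry'],
             [1, 201,     'private entry, public blog_id'],
             [2, 201,     'private entry, matching blog_id'],
             [1, '201;x', 'malformed entry_id'],
             [1, 999,     'unknown entry']) {
    my ($ok, $err) = check_comment_request($req->[0], $req->[1]);
    printf "%-34s blog_id=%s entry_id=%s -> %s\n",
        $req->[2], $req->[0], $req->[1],
        $ok ? 'show comments' : "error: $err";
}
```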