
rentry_official · 32 answers · 2d

I'd like to improve the security of edit codes. How do these options sound to you?
* Add a 'strength meter' that requires a certain length, like a password. This would be based on how hard it'd be to crack, rather than fixed rules
* Switch the custom edit code option with a tickbox, making it so that only randomised edit codes are possible.
* Prevent re-using the same edit codes twice within the same 2 hours on different URLs (checked per user, not against all users)

I feel the first option is probably the most viable. Especially if someone sets the code to something like 'dog' and the strength meter tells them their URL can very likely be stolen. Maybe integrating this with a list that showcases highly compromised passwords, if that resource is available to you at all?
Option 2 could be beneficial to some, especially for higher demand URLs, but I'd be rather paranoid about misplacing my randomized password. I'm assuming the intent behind it is to have the feature remain optional per URL, and if so, then I believe some increased URL verification would work best here. Something where the system can keep track and send the randomized password to the user in question. I believe this would work best if integrated with the claim system, rather than implementing it for URLs that aren't reclaim worthy. Although making it reclaim-exclusive might defeat the purpose, those are just my thoughts on the idea.
As for the third one, I believe this would cause more problems than it'd solve. Similar to the randomized passwords idea, I'd be fairly stressed about misplacing edit codes, and especially worried about being able to edit my URLs if I were bulk updating them.
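
A strength meter of the kind discussed in the first option, combined with the compromised-code list suggested in the answer, could look like the sketch below. This is an added example, not part of the answer above and not Rentry's code. The denylist entries, the 40-bit threshold and the function names are all assumptions, and the estimate is a simple search-space heuristic rather than a full cracking model.

```python
import math
import string

# Constructed sample denylist; a real deployment would load a large
# breached-password corpus instead (assumption, not Rentry's data).
COMMON_CODES = {"dog", "password", "123456", "qwerty", "letmein", "rentry"}

MIN_BITS = 40  # hypothetical acceptance threshold


def charset_size(code):
    """Size of the alphabet an attacker must search, from the classes used."""
    size = 0
    if any(c in string.ascii_lowercase for c in code):
        size += 26
    if any(c in string.ascii_uppercase for c in code):
        size += 26
    if any(c in string.digits for c in code):
        size += 10
    if any(c not in string.ascii_letters + string.digits for c in code):
        size += 33  # printable ASCII symbols, including space
    return size


def estimate_bits(code):
    """Rough guessing cost in bits. Denylisted codes score 0, and the length
    is capped by the number of distinct characters so that a code such as
    'aaaaaaaaaaaa' does not look strong."""
    if not code or code.lower() in COMMON_CODES:
        return 0.0
    effective_len = min(len(code), len(set(code)) * 2)
    return effective_len * math.log2(charset_size(code))


def rate_edit_code(code):
    """Message the meter would show next to the edit code field."""
    bits = estimate_bits(code)
    if bits == 0.0:
        return "rejected: known or empty code"
    if bits < MIN_BITS:
        return "weak: %.0f bits, below %d" % (bits, MIN_BITS)
    return "ok: %.0f bits" % bits
```

The denylist comparison is case-insensitive, so 'Dog' is rejected the same way as 'dog'.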
