XmlRpcPlugin: Filter RPC calls considered as spam

[Olemis Lang]

Inspired on ​a previous experience @ TH.org.

I suppose this should be implemented in two phases:

• Add support for filters in core
• Implement a glue layer to reuse functionalities provided by third-party packages

but I am not sure because I am not very aware of current (anti-spam) support added by plugins.

[osimons]

This is a non-issue with current state of plugin as far as I can see. All wiki and ticket updates should be made on top of the Trac infrastructure, and not using direct model or database access. That means it will respect:

• manipulators that may veto a change (such as spam filter plugin)
• permissions in case fine-grained policies are added via plugins
• (and make sure that listeners are aware of the update for notifications and similar)

That needs to be the model for all RPC methods makeing changes - behave just as if the input arrived from web.

[osimons]

BTW: This site currently runs Trac 0.10.x and corresponding version of the plugin that has not seen changes for over 3 years...

I'm closing as 'worksforme' with 'upgrade' as recommended solution :-)

[Olemis Lang]

Replying to osimons:

I'm closing as 'worksforme' with 'upgrade' as recommended solution :-)

Ok. I'll check out later what should be the errors reported by the plugin once a filter blocks a given RPC request . I suppose that not all anti-spam solutions are useful in this case (e.g. captchas for RPC ?) but that's part of the server configuration process and definitely something we shouldn't care about (unless it may cause conflicts e.g. all calls rejected because of missing captcha when that filter is used for wiki pages and tickets ?)