Re^2: How about a "reclaim your post" feature?

Sounds like a good idea though I rather think it should go through a consideration stage since IPs are not good security.

Um, how about a Cryptographic nonce? Like Plack::Middleware::CSRFBlock but using Session::Token

And after posting anonymously, there is a form with a nonce and a submit button of [LOGIN AND CLAIM OWNERSHIP OF THIS POST YOU JUST MADE] that way there is IP nothing ... you made an anonymous post, great, own it immediately or you can't own it

Comment on Re^2: How about a "reclaim your post" feature? Download Code

Replies are listed 'Best First'.
Re^3: How about a "reclaim your post" feature? by Your Mother (Archbishop) on Jan 26, 2015 at 03:51 UTC
Excellent++. Stacking it such that signing in doesn’t drop it would also be a good idea. Or IP + User Agent string + time limit HMAC or something would’t need a cookie/session at all and make it such that a “replay” attack wouldn’t work in … 10 minutes (based on post time) or so. More secure than the login under HTTP. :P	[reply]