[openlp-dev] Submitting bug reports from OpenLP to osticket

Tim and Alison Bentley Home at trarbentley.net
Sat Nov 11 03:24:44 EST 2017

Capacha can be made better and Google are improving it with their I'm a
Robot.  This uses browseing history etc to work out if the caller is a
human or not.  On Church machines, there may not be enough history for this
to work.

The one time pin seems interesting but could we do in simpler by doing all
steps at the same time?  This way we can may the shared key a one time key.

Call openlp for a key and cache the key against the IP address for 1 min.
Client uses the return to generates the real token and resubmits it with
the form.
OPenLP checks the token against the IP and if they match passes the request

On 10 November 2017 at 23:15, Philip Ridout <phill.ridout at gmail.com> wrote:

> So today we have had a little discussion on IRC about changing the bug
> report code to submit directly to our support ticket system osTicket (
> http://osticket.com/).
> Currently our system is a bit clunky in that when the user submits a bug
> report, their email application is opened to send email the report. This
> has some limitations, such as if the user uses web mail, or as I discovered
> earlier that Outlook does not add attachments.
> Fortunately osTicket has an api we can use to create new tickets. However,
> osTicket requires a api key which is assigned to a specific ip address. So
> the idea so far is to have a flask script which can act as a kinda proxy,
> but the issue is how can we secure this against abuse?
> Superflys suggestion was for the FTW to contact the server and get a
> shared key. Then when the exception form wants to submit to the proxy app,
> OpenLP generates an OTP (One Time Pin) and sends that as one of the
> headers. Kind of like time based two factor authentication.
> My suggestion was for a capacha, but as superfly correctly stated its not
> very user friendly. Its also another thing to get in the way of a user
> submitting a bug report.
> Do you guys have any alternative suggestions, or comments on the two above?
> Regards,
> Philip Ridout
> _______________________________________________
> openlp-dev mailing list
> openlp-dev at openlp.io
> https://lists.openlp.io/mailman/listinfo/openlp-dev

Tim and Alison Bentley
Home at TRARBentley.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openlp.io/pipermail/openlp-dev/attachments/20171111/2e6fa014/attachment.html>

More information about the openlp-dev mailing list