Login at Kodi Home

sphere · 2015-02-17, 11:57

Regarding the spam, if nothing else helps we could integrate a captcha mechanism (the add-on could show a captcha image and input box). I am not sure if there are any captcha services which can be "kodi friendly", e.g. answer out of digits so the hassle of typing the answer with a remote is low enough.

What do you think?

**takoi** · 2015-02-17, 12:26

I think the usability can improved here. Tbh email setup is too cumbersome, and those urls are too long to remember so you have to write it down anyway. One thing I've seen getting very popular recently (especially as one time security codes) is using two randomly generated (but real) words that together doesn't make any sense. That way it will be very easy to remember. We could use that in place of the ids and urls. So when you upload the log it say 'give these words to the developer' or something. This will ofc require support from backend..

**takoi** · 2015-02-17, 12:26

On security: we can at least add api keys and obfuscate it in either the addon or in core. That will at least take care of the lazy spammers.

sphere · 2015-02-17, 12:34

(2015-02-17, 12:26)takoi Wrote: I think the usability can improved here. Tbh email setup is too cumbersome, and those urls are too long to remember so you have to write it down anyway. One thing I've seen getting very popular recently (especially as one time security codes) is using two randomly generated (but real) words that together doesn't make any sense. That way it will be very easy to remember. We could use that in place of the ids and urls. So when you upload the log it say 'give these words to the developer' or something. This will ofc require support from backend..

"Email setup" is totally easy: On first start the add-on just asks for your email-address, thats all.

(2015-02-17, 12:26)takoi Wrote: On security: we can at least add api keys and obfuscate it in either the addon or in core. That will at least take care of the lazy spammers.

I am pretty sure that obfuscating won't help here. I know there are multiple clones of my code/add-on used "by the bad guys". They will just copy my code (its GPL, so its by design). TBH I could write an DDOS tool using my code in about 10 minutes.

Regarding spam/ddos, I only see the captcha possibility - thats what it is designed for.

prae5 · 2015-02-17, 12:36

I do a lot of filter and blocking of IP addresses already. I'm reasonably sure I've got that taken care of now.

In terms of urls, that is changing slightly - will be slightly shorter.

I will look at API keys at some point, I'd rather avoid captchas (as personally I hate them).

**zag** · (This post was last modified: 2015-05-14, 12:07 by zag.)

Just bumping this as its gone nowhere yet

~~Ned Scott~~ · 2015-05-15, 01:30

This won't really help with posting the logs themselves, but just an FYI: v15 has a default keymap toggle for debugging. Just do shift+control+D