Dismiss Notice
Join Physics Forums Today!
The friendliest, high quality science and math community on the planet! Everyone who loves science is here!

Attachment approvals

  1. Nov 9, 2007 #1
    I understand the need to prevent people from uploading explicit images and what-not, but I think I should get to upload attachment's without approvals after I hit 1000 posts, or at least more people should have the authority to approve attachments. I think it is wrong that I should have to wait more than a day to have my attachments approved.
     
  2. jcsd
  3. Nov 9, 2007 #2

    JasonRox

    User Avatar
    Homework Helper
    Gold Member

    That's a good point.
     
  4. Nov 9, 2007 #3

    Evo

    User Avatar

    Staff: Mentor

    We try to update attachments as soon as we see them. Although, some attachments that are questionable may be delayed.

    If you need an attachment approved right away, you can use the "report post" button and request the attachment be approved. That will bring it immediately to our attention. Just be careful not to abuse the report button and use some discretion as to how long you've been waiting. I usually go in and check for attachments at least once a day, as do several other mentors.
     
  5. Nov 9, 2007 #4

    JasonRox

    User Avatar
    Homework Helper
    Gold Member

    But let's you're a member and have like 1000 posts. Couldn't there be a direct approval system made?

    What causes an attachment to be questionable, besides the obvious?
     
  6. Nov 9, 2007 #5

    Moonbear

    User Avatar
    Staff Emeritus
    Science Advisor
    Gold Member

    I think that's a good suggestion. If we haven't banned you for spam or crackpottery by 500 or 1000 posts, it seems we can probably trust you to have automatic approval on your attachments.

    For now, if a post sits with an unapproved attachment for more than half a day (that seems like a reasonable time for someone to notice it), feel free to send a PM to a mentor or report the post to request we approve the attachment. You shouldn't have to wait over a day for approval; that is too long.

    (P.S., Your attachments are now approved.)
     
  7. Nov 9, 2007 #6

    Evo

    User Avatar

    Staff: Mentor

    I think there might be a limit with how powers are granted.
     
  8. Nov 9, 2007 #7

    Gokul43201

    User Avatar
    Staff Emeritus
    Science Advisor
    Gold Member

    We discussed this some among the Homework Helpers. Attachment approval is something of a problem in the homework forums, where typical response times are on the order of a couple hours, unless there's an attachment in the OP.

    Automatic attachment approval for regulars would be sweet!
     
  9. Nov 9, 2007 #8

    Moonbear

    User Avatar
    Staff Emeritus
    Science Advisor
    Gold Member

    Or, alternatively, if HW Helpers and Science Advisors were allowed to approve attachments, it would probably speed up the response time. I'm not sure what the constraints are of the forum software, if it's possible to give people power to approve attachments without access to the other moderation tools, or if people can be put into a "regulars" user group once they've hit a certain post count that allowed automatic approval of attachments.
     
  10. Nov 9, 2007 #9

    Gokul43201

    User Avatar
    Staff Emeritus
    Science Advisor
    Gold Member

    We've hoped/asked for this before, if I recall correctly. I think it is time for more aggressive lobbying. :devil:
     
  11. Nov 10, 2007 #10

    Evo

    User Avatar

    Staff: Mentor

    If Greg can give attachment only approval to HH's I think it would be a great idea.
     
  12. Nov 10, 2007 #11

    Moonbear

    User Avatar
    Staff Emeritus
    Science Advisor
    Gold Member

    Greg's on vacation right now, so won't be able to respond to this right away.
     
  13. Nov 10, 2007 #12

    G01

    User Avatar
    Homework Helper
    Gold Member

    It sounds like a great idea, since pending attachments very often prevent certain problems in the Homework Forums from being solved, even if they are not really difficult for the helpers. I would be all for the "regular poster" idea or giving more people the ability to approve attachments.
     
    Last edited: Nov 10, 2007
  14. Nov 10, 2007 #13

    Integral

    User Avatar
    Staff Emeritus
    Science Advisor
    Gold Member

    Meanwhile, use the Report Post button to draw attention to a unapproved attachment. It would not be a bad idea for the OP to report the post for approval immediately after posting .
     
  15. Nov 11, 2007 #14

    Chris Hillman

    User Avatar
    Science Advisor

    This is a Terrible Idea! Greg, Don't Do It!

    PF moderators have no way of knowing how careful even a long-time poster is regarding computer security! I for one strongly urge PF to continue to insist on individually moderating images and other attachments, including scanning them for possible malware. This is very important!

    Please recall that many popular "social networking" websites, including MySpace, LinkedIn, Facebook, Friendster, and Wikipedia, have experienced problems with phishers uploading dangerous malware which seriously affected at least some visitors. To mention only one item from a long long list of possible unintended consequences of the proposed change.

    Decisions which affect security always involve a tradeoff between convenience, practicality, and security. IMO, security should remain a primary consideration for the maintainers of PF, particularly given evidence of the changing nature of criminal activity on the web which seems to indicate a trend toward targeting social networking sites.

    (Since this discussion affords me a rare chance to say something nice about WP, I note that one reason why so few security problems with WP, e.g. compromise of non-public portions of the internal database, have hit the news is that Brion Vibber has been much careful about security than some other networking website admins have been. Another reason, less happy, is that even computer literature commentators generally seem to be badly confused by the complexity of WP's social and software structure.)

    If PF should seriously consider changing its policy by allowing users to upload anything which could cause unprotected browsers to execute unexamined code, please announce the change well in advance and give concerned users the option of not only not revisiting PF, but of having their information wiped from the internal database before the change is implemented!
     
    Last edited: Nov 11, 2007
  16. Nov 11, 2007 #15

    Evo

    User Avatar

    Staff: Mentor

    That's a good point Chris. We make Moonbear open all of the suspicious links since she has a Mac.
     
  17. Nov 11, 2007 #16

    Chris Hillman

    User Avatar
    Science Advisor

    All Joking Aside...

    :wink:

    But seriously, while I do not use That Other Operating System, there are many very serious issues here. Compromising security is never something to do lightly, and if it were up to me, Greg and chroot would have regular discussions about reviewing and improving the security situation at PF, which would include tracking problems noted at other websites and corresponding with other admins.

    I should probably point out that Macs are not immune to malware; see for example Macs seized by porn Trojan, 'First' Mac OS X Trojan sighted, and Virus dances onto Mac OS X from The Register. Likewise see Linux Malware On The Rise from InternetNews, Linux and Mac OS X get some love (?) from malware writers from Ars Technica, etc.

    Everyone: I strongly urge that discussion of specific security concerns at PF be confined to PM for obvious reasons!
     
    Last edited: Nov 11, 2007
  18. Nov 11, 2007 #17

    G01

    User Avatar
    Homework Helper
    Gold Member

    Very Good Point Chris. I have to agree that giving regular users upload privileges would be a security risk. Obviously, I still think that something should be done with the approval delays. They really do affect the efficiency of the HH forums. Obviously, I don't think we can ask too much more of the mentors (Evo would eventually snap and start swinging fishes in other forums.:biggrin:)

    I would still support giving the privilege to the Homework Helpers with one caveat. There is an issue with giving the privilege to that large a group. That is a lot more people that would have to be trusted with an important part of running the site. If Greg thinks this is possible and workable, then great, but if he doesn't I would understand his concern.
     
  19. Nov 11, 2007 #18

    Chris Hillman

    User Avatar
    Science Advisor

    Some suggested reading

    I think a more reasonable suggestion would be to explore autoscanning of uploads by homework helpers whose IRL identities are known to Greg and chroot, using the latest scanning packages. But only after some careful checking that the new system is working as intended and only if regular checks are performed thereafter to ensure it hasn't been inadvertently broken by some unrelated upgrade.

    I would be concerned about autoscanning generally because auto-anything provides a weakness which can often be exploited. Restricting autoscanning to uploads from a small and select group with the greatest need for the added convenience makes much better sense than enabling autoapproval of all uploads.

    IMO, every effort should be made to minimize the chance of compromise of the internal database or of expositing PF visitors to the possibility that their browser will execute any unvetted code.

    Here are some links to related new items from various on-line "techie" newsletters:

    From the second Dark Reading item cited above, as an illustration of why we need to think this through before doing anything hasty:
    Something to bear in mind when reading alerts from sources such as SANS is that many vendors not only have a motive for a certain amount of fear-mongering, but may be owned or at least unduly influenced by the Evil Giant; see for example this rant from linux.com. Similarly, techie newletters and even major media sources often turn out to have surprising ownership, which may cast doubt on the impartiality of their reporting. And those of you who have played with [http://wikiscanner.virgil.gr/]Wikiscanner[/url] will know that numerous BBC staffers have been caught slanting Wikipedia articles related to the BBC (or to colleagues).

    Just to keep it all in perspective, here's some further food for thought from the Register. :uhh:
     
    Last edited: Nov 11, 2007
  20. Nov 13, 2007 #19
    At this time there is not a function to give HH attachment approval rights. Whether we develop something is an idea I'll explore when I get back in town next week.
     
  21. Dec 20, 2007 #20
    Excuse my ignorance about computer science, but I did not think that image-uploading was in any way a security issue in the sense that downloading an image could actually cause harm to your computer. I thought the main issue was with people uploading pornographic or otherwise explicit images, which is certainly a problem but is not really a threat to your operating system. If I understand your post correctly, then you are saying that merely downloading an image in a standard format such as jpg or bmp can damage my computer somehow. I was not aware of that, but again this is probably just ignorance.
     
Know someone interested in this topic? Share this thread via Reddit, Google+, Twitter, or Facebook

Have something to add?



Similar Discussions: Attachment approvals
  1. Attachments & approval (Replies: 3)

  2. Attachment approval (Replies: 2)

Loading...