[pLog-svn] r6088 - plog/branches/lifetype-1.2/class/security

Jon Daley plogworld at jon.limedaley.com
Thu Nov 29 10:29:10 EST 2007


Ok, so think about this scenario:

Comment is not caught by bayesian filter, but is caught by auth image.

Bayesian filter trains as non-spam.
Auth image catches it as spam.

The old method would re-run the bayesian filter so it trains the text as 
spam, so even if the spammer figures out the auth-image code, his text is 
now trained correctly.

The new method causes the spam text to be trained as non-spam and left in 
the database, making the bayesian filter not work as well.

This is why we need to run the pipeline twice.


On Thu, 29 Nov 2007, Mark Wu wrote:

> Hi Jon:
>
> I think the easiest way is just try to revert the code to 6087, and test the
> original $pipeline and see the difference between each commit.
>
> About the order of filter, in this case should be, we suppose it will
>
> "NullFilter"
> "CommentFilter"
> "BayesianFilter"
> "AuthimageFilter"
> "RecaptchaFilter"
>
> in rev 6087 (old way) , it will run this
>
> 1st run   NullFilter(valid)=>CommentFilter(valid)=>BayesianFilter(invalid)
> 2nd run
> NullFilter(valid)=>CommentFilter(valid)=>BayesianFilter(invalid)=>AuthimageFilter(Maybe
> valid, maybe invalid, we don't care)=>RecaptchaFilter(Maybe
> valid, maybe invalid, we don't care)
>
> That's why the comment is added twice.
>
> *we save the Bayesian filter result to $this->_result (it is the first
> invalid filter)
>
> in rev 6088, it will run like this
>
> 1st run   NullFilter(valid)=>CommentFilter(valid)=>BayesianFilter(invalid)
> 2nd run  AuthimageFilter(Maybe valid, maybe invalid, we don't
> care)=>RecaptchaFilter(Maybe valid, maybe invalid, we don't care)
>
> *we save the Bayesian filter result to $this->_result (it is the first
> invalid filter)
>
> in rev 6089
>
> only 1 run
> NullFilter(valid)=>CommentFilter(valid)=>BayesianFilter(invalid)=>AuthimageFilter(Maybe
> valid, maybe invalid, we don't care)=>RecaptchaFilter(Maybe
> valid, maybe invalid, we don't care)
>
> *we save the Bayesian filter result to $this->_result (it is the first invalid
> filter)
>
>
> *****Notice. If all filters' results are valid, we will save the last
> filter(RecaptchaFilter) result into $this->_result
>
> Mark
>
>> -----Original Message-----
>> From: plog-svn-bounces at devel.lifetype.net
>> [mailto:plog-svn-bounces at devel.lifetype.net] On Behalf Of Jon Daley
>> Sent: Thursday, November 29, 2007 11:09 PM
>> To: LifeType Developer List
>> Subject: Re: [pLog-svn] r6088 -
>> plog/branches/lifetype-1.2/class/security
>>
>>  	Ok, let me try another way.  What order do the bayesian
>> filter, auth image and recaptcha plugins run in?
>>
>> On Thu, 29 Nov 2007, Mark Wu wrote:
>>> We use the registerFilterI() in plugins.
>>>
>>> Before we process the pipeline, all filters (plugin and system)
>>> already in that global filter array()
>>>
>>> So, no matter system filters or plugin filters, we just need to run
>>> once, that's an assumption.
>>>
>>> I think it is valid assumption.
>>>
>>> Mark
>>>
>>>> -----Original Message-----
>>>> From: plog-svn-bounces at devel.lifetype.net
>>>> [mailto:plog-svn-bounces at devel.lifetype.net] On Behalf Of Jon Daley
>>>> Sent: Thursday, November 29, 2007 11:02 PM
>>>> To: LifeType Developer List
>>>> Subject: Re: [pLog-svn] r6088 -
>>>> plog/branches/lifetype-1.2/class/security
>>>>
>>>> On Thu, 29 Nov 2007, Mark Wu wrote:
>>>>> Because we stop (break) after BayesianFilter, so the AuthImage was not
>>>>> executed in 1st run.
>>>>>
>>>>> Then, we go to 2nd, we did not run those executed one, and just run
>>>>> authimage
>>>>
>>>>  	But, the trouble is that the plugin doesn't get to decide, but you
>>>> decided globally that the plugin shouldn't run the second time.  That
>>>> is not a valid assumption.
>>>>
>>>> _______________________________________________
>>>> pLog-svn mailing list
>>>> pLog-svn at devel.lifetype.net
>>>> http://limedaley.com/mailman/listinfo/plog-svn
>>>
>>
>> --
>> Jon Daley
>> http://jon.limedaley.com/
>>
>> There are two ways to write error-free programs; only the third works.
>> -- Alan J. Perlis
>

-- 
Jon Daley
http://jon.limedaley.com/

Reality is what refuses to go away when I stop believing in it.
-- Philip K. Dick
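
The scenario from the top of this message, as a small Python model added here for illustration; it is not LifeType code (LifeType is PHP) and was not posted by anyone in the thread. `ToyBayesian`, `single_pass`, `two_pass` and the `rejected_earlier` flag are hypothetical names, and the way the second run tells the Bayesian filter that the comment was rejected is an assumption.

```python
class ToyBayesian:
    """Stand-in for a self-training Bayesian filter (not a real classifier)."""

    def __init__(self):
        self.trained = {}  # comment text -> "spam" | "ham" (the training database)

    def score(self, text):
        """Positive means the text looks like spam seen before, negative like ham."""
        toks = set(text.lower().split())
        total = 0
        for seen, label in self.trained.items():
            overlap = len(toks & set(seen.lower().split()))
            total += overlap if label == "spam" else -overlap
        return total

    def run(self, text, rejected_earlier=False):
        # Assumption: a re-run is told that another filter rejected the comment.
        is_spam = rejected_earlier or self.score(text) > 0
        self.trained[text] = "spam" if is_spam else "ham"  # trains on every run
        return not is_spam  # True = valid


def auth_image(captcha_ok):
    return captcha_ok


def single_pass(bayes, text, captcha_ok):
    """Every filter runs exactly once; nothing feeds back into the training."""
    results = [bayes.run(text), auth_image(captcha_ok)]
    return all(results)


def two_pass(bayes, text, captcha_ok):
    """Stop at the first invalid filter, then re-run so the filter retrains."""
    ok = bayes.run(text) and auth_image(captcha_ok)
    if not ok:
        bayes.run(text, rejected_earlier=True)
    return ok


def demo():
    spam = "cheap pills buy now"  # constructed sample comment
    out = {}
    for name, pipeline in (("single", single_pass), ("two", two_pass)):
        b = ToyBayesian()
        rejected_first = not pipeline(b, spam, captcha_ok=False)
        # The same text is submitted again once the auth image is solved.
        accepted_later = pipeline(b, spam, captcha_ok=True)
        out[name] = (rejected_first, accepted_later, b.score(spam))
    return out
```

In the single-pass case the rejected text stays in the training data as non-spam and is accepted on resubmission; with the re-run it is stored as spam and the Bayesian filter rejects it on its own.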

