
How do you prevent people from just copying someone else's magic string?



The magic string doesn't need to be private; each user gets a randomly generated string. Either they can place it into their own profile or not.


If you make the magic string an HMAC of the user's name and some secret, then they should be non-transferable.


Requiring the user to HMAC to be able to post jobs is great and would help filter out recruiters that can't figure that stuff out.

Or better yet, how about a job board that requires the person submitting the job to solve programming puzzles common in technical interviews. Also permit people posting the jobs to link to open-source projects that their company publishes and contributes to. It would be great if people could filter the job board to only show jobs from companies that have completed a challenging puzzle and/or publish/contribute actively to an existing open source project with X number of forks and Y number of followers.

Searching companies by some sort of "github" rank based on the people on the company's organization page would be awesome too. i.e. between the 10 developers listed on a page, what is their average forks/dev and stars/dev?


It wouldn't work to make the user perform the HMAC, since it requires having the secret, and then the user could share the secret. You need the server to calculate

magic = HMAC(secret, username)

and then give 'magic' back to the user. And then the server can decide whether the (username, magic) pair is valid.
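
An added example, not part of the thread: a minimal sketch of the server-side scheme described in the comment above, where only the server holds the secret and a copied magic string fails for any other username. The function names, the SHA-256 choice and the usernames are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: one random key generated and kept on the server only.
SERVER_SECRET = secrets.token_bytes(32)


def issue_magic(username: str, secret: bytes = SERVER_SECRET) -> str:
    """magic = HMAC(secret, username), returned to the user as hex."""
    mac = hmac.new(secret, username.encode("utf-8"), hashlib.sha256)
    return mac.hexdigest()


def is_valid(username: str, magic: str, secret: bytes = SERVER_SECRET) -> bool:
    """Recompute the MAC for this username and compare in constant time."""
    expected = issue_magic(username, secret)
    # Compare as bytes so arbitrary (even non-ASCII) input cannot raise.
    return hmac.compare_digest(expected.encode("ascii"), magic.encode("utf-8"))


if __name__ == "__main__":
    # Constructed usernames for the demonstration.
    alice_magic = issue_magic("alice")
    print("alice with her own string:", is_valid("alice", alice_magic))
    # bob copies alice's string into his profile: the pair does not verify.
    print("bob with alice's string:  ", is_valid("bob", alice_magic))
    # A string minted under a different secret is rejected as well.
    forged = issue_magic("alice", secret=b"guessed-secret")
    print("alice with forged string: ", is_valid("alice", forged))
```

The server stores nothing per user; validity of a (username, magic) pair depends only on the secret, so replacing the secret invalidates every issued string at once.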


You could still require the user to HMAC too, just for filter's sake :-)

Alternatively, make the 'submit job' feature only available as a (documented) HTTP POST operation without any matching HTML form.


Then the recruiting companies will just pay a dev to write a tool for them to bulk post job req's all day.



