Thu, Jun 07, 2012 by Andrew Conway
For any social network, or indeed any site that allows user-generated content, there are some unpleasant tradeoffs. The first is the front door – the easier you make it to sign up for a new account, the more users you get, but also the more opportunity you give spammers to set up farms of thousands of fake accounts used for message spamming. Of course, you can throw your hands up in the air and delegate the problem to other people as Pinterest does, but if you use Twitter or Facebook for account validation you are putting one of the most important aspects of your security in the hands of your competitors.
Once your users have accounts, there is an even bigger tradeoff. The more flexibility you give them in what they can post, the richer the user experience, but the more scope there is for abuse. There are some reasonable ways you can deal with some common attack vectors – host all pictures on your site so they don’t suddenly start advertising kiddie porn sites, remove iframes from HTML so they don’t start serving up malware, scan PDFs for known exploits, and of course, use Cloudmark’s state-of-the-art spam detection on all messages and postings.
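
As an added illustration of two of the measures above (it is not code from the original post or from Cloudmark), the sketch below rebuilds a user's post from an allow-list of tags, drops iframes together with their contents, and keeps only images served from the site's own host. It goes slightly beyond the text by allow-listing every tag rather than removing iframes alone; the host `media.example.com`, the tag list and the names `PostSanitizer` and `sanitize` are assumptions made for the example.

```python
from html import escape
from html.parser import HTMLParser

MEDIA_PREFIX = "https://media.example.com/"  # assumption: the site's own image host
ALLOWED = {"p", "b", "i", "em", "strong", "br", "ul", "ol", "li", "a", "img"}
VOID = {"br", "img"}                      # elements with no closing tag
DROP_WITH_CONTENT = {"iframe", "script", "style"}


class PostSanitizer(HTMLParser):
    """Rebuilds a post from allow-listed tags only; everything else is dropped."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skip = 0  # > 0 while inside an iframe/script/style element

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip += 1  # an unclosed iframe drops the rest of the post (fail closed)
            return
        if self.skip or tag not in ALLOWED:
            return
        attrs = dict(attrs)
        if tag == "img":
            src = attrs.get("src") or ""
            # Exact-prefix match avoids URL-parser differences with the browser.
            if src.startswith(MEDIA_PREFIX):
                self.out.append(f'<img src="{escape(src)}">')
        elif tag == "a":
            href = attrs.get("href") or ""
            ok = href.lower().startswith(("http://", "https://"))
            self.out.append(f'<a href="{escape(href)}" rel="nofollow">' if ok else "<a>")
        else:
            self.out.append(f"<{tag}>")  # all other attributes are discarded

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag in ALLOWED and tag not in VOID:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data))  # text is re-escaped on output


def sanitize(post_html):
    parser = PostSanitizer()
    parser.feed(post_html)
    parser.close()
    return "".join(parser.out)
```

Run it on the server when a post is stored or rendered, so that the markup reaching other users' browsers is always the rebuilt output and never the submitted HTML.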