|
The Feedback module is one of the very few modules that require no administration. It does, however, offer a minor security-related issue. As shown in Figure 16.1, the module allows users to send feedback to you regarding your site. Figure 16.1. Asking your users for their feedback.The main problem with this module is that it provides no verification or validation of anything the user types in, including the Your Name and Your E-mail fields. In other words, anyone with access to the module can type anything they like. Because the form accepts data through the standard HTTP protocol form-handling techniques, it's possible for someone to write a small script or program that automatically submits multiple bogus feedback messages. The end result? Your administrative e-mail box fills up with spam, and you won't even know who's doing it. As written, there's not much you can do to improve the Feedback module. However, there are some things you can do to minimize the chances for its abuse:
My recommendation? Disable the module completely. Users are better served by a "feedback" discussion forum, which gives you much more flexibility for replying to them, discussing their suggestions, and so forthall of which makes you a more visible, caring Webmaster who'll earn your users' loyalty. |
|