Somewhere down the line the posting pages have to be
1) Secure, and use https, otherwise you can sniff all of the details being passed via the script.
2) Authenticated, in otherwords you can only post data if you can authenticate/verify your connection.
3) Verified as making sense, both in terms of content (URLS must look like URLS, Date-times must look like date-times etc) and length.
This present several problems.
First to use https you need to pass and verify certificates, this should ideally be done only once otherwise each post to the database prompts you to verify the certificate.
Second the posting of data needs to be done using some sort of exchange of passwords, or verification of content and length, otherwise we are liable to be open to DOS attack.
Currently we do little of this, simply because we have been concerned maily with getting meaningfull results from what we have created so far.
I have one question. Do we need to put all of this in place before we post an interim release, or do we state this is a goal for the next major release.