0

I'm planning to develop a web app where users will list their site/blog. When people submit their sites, how can I confirm that they are the owners of it?

So for instance there is a user Mark who wants to submit someone else's website without their approval. I want to restrict Mark from doing so unless he is the actual owner.

My idea was to do a comparison between the user's email domain and the website domain she/he wants to submit. If they match allow the user to submit the website.

However most people don't register with their website domain address.. or perhaps I'll implement a Facebook connect in the future.

What other methods would you suggest?

Cyber Junkie
  • 784
  • 6
  • 14
  • 30
  • 1
    Testing against the mail domain won't work - xyz@yahoo.com would authenticate you as the owner of that domain – Pekka Dec 22 '10 at 18:53

6 Answers6

6

Google Webmaster Central, for instance, uses two approaches to authenticate you as the owner of a web site:

  • A HTML file with a random (pre-generated by Google) name that the web master has to upload to their web site

  • A special header that the web master has to put into the head part of their domain's index file.

These are two sure-fire ways to prove that you have access to the actual web site.

Pekka
  • 442,112
  • 142
  • 972
  • 1,088
4

Tell them to create a file with a randomly generated name in the root directory of their web site and then verify that it exists.
That's what Google Analytics (and others like that) do.

MK.
  • 33,605
  • 18
  • 74
  • 111
  • Thanks! That's a great suggestion but it's a long process for simply submitting a URL to a site directory. Can they instead add the random generated code in a javascript in their header? Like you would to display Google Adsense or affiliates. – Cyber Junkie Dec 22 '10 at 20:38
  • no, because you can't trust that all content on a domain comes from the domain owner... it could come from an add provider or in some cases from users. thats why a randomly generated filename in the root directory is used for this - not something a 3rd party could maliciously insert – Robert Levy Dec 23 '10 at 15:30
3

I've seen Google use a "code challenge." They ask you to insert a small piece of code with a unique value they provide into a page in the site. You add this snippet of code to the site and submit the address, and then Google verifies the code is there by reading the contents of the page. The assumption is that if you can alter the site, you own it.

Surreal Dreams
  • 26,055
  • 3
  • 46
  • 61
1

Do what Technorati does.

perhaps the easiest way is to post a link to Technorati (which can be erased as soon as you are spidered), which the Technorati spiders will check

Rafe Kettler
  • 75,757
  • 21
  • 156
  • 151
0

some possibilities

compare their names with their whois name.

what @mk said is a good one.. you can also have them put a meta tag in their page if they dont have access to their root. like if they run wordpress they can just go to wp-admin

andrewk
  • 3,721
  • 4
  • 30
  • 37
0

Require the user to create a URL on his site. Publish the site only if you have confirmed that the URL was created.

Oswald
  • 31,254
  • 3
  • 43
  • 68