I'm planning to develop a web app where users will list their site/blog. When people submit their sites, how can I confirm that they are the owners of it?
So for instance there is a user Mark who wants to submit someone else's website without their approval. I want to restrict Mark from doing so unless he is the actual owner.
My idea was to do a comparison between the user's email domain and the website domain she/he wants to submit. If they match allow the user to submit the website.
However most people don't register with their website domain address.. or perhaps I'll implement a Facebook connect in the future.
What other methods would you suggest?
I've seen Google use a "code challenge." They ask you to insert a small piece of code with a unique value they provide into a page in the site. You add this snippet of code to the site and submit the address, and then Google verifies the code is there by reading the contents of the page. The assumption is that if you can alter the site, you own it.
Google Webmaster Central, for instance, uses two approaches to authenticate you as the owner of a web site:
A HTML file with a random (pre-generated by Google) name that the web master has to upload to their web site
A special header that the web master has to put into the head part of their domain's index file.
These are two sure-fire ways to prove that you have access to the actual web site.
Tell them to create a file with a randomly generated name in the root directory of their web site and then verify that it exists.
That's what Google Analytics (and others like that) do.
Do what Technorati does.
perhaps the easiest way is to post a
link to Technorati (which can be
erased as soon as you are spidered),
which the Technorati spiders will
check
some possibilities
compare their names with their whois name.
what @mk said is a good one.. you can also have them put a meta tag in their page if they dont have access to their root. like if they run wordpress they can just go to wp-admin
Require the user to create a URL on his site. Publish the site only if you have confirmed that the URL was created.
