Where would blacklists be put in a maintainable way?

A card is the most obvious choice, and the edit permission (and possibly view permission as well) should be restricted to either the Administrator role, or a role shared by a team of moderators. *blacklisted-ips and *blacklisted-urls, perhaps?

  --Ariel Millennium Thornton.....Mon May 25 20:58:16 -0700 2009

recommend looking over security checklist on wikimatrix.org

  --Ethan McCutchen.....Tue Jun 16 11:59:55 -0700 2009