Question

I set up DISQUS and found something very interesting: it is just a small piece of JavaScript code which identifies the site account by disqus_shortname and/or disqus_identifier. So if I copy the code from any other site which uses Disqus, then it works on my web page too, using that site's disqus_shortname and/or disqus_identifier. Disqus will populate my page with comments for that particular thread without checking whether it is a legitimate account/page.

Is that fine/expected practice/behavior for a comments system?

Solution

Well, the default setting is not very secure. Try setting Trusted Domains in Advanced Settings.

You may optionally specify a list of trusted domains (one per line) that are allowed to connect to your Disqus comments embed. Specify one domain per line. The domain will include all subdomains below it, e.g. blog.disqus.com will include that domain, as well as foo.blog.disqus.com and bar.blog.disqus.com.

Update:

localhost is always enabled; see the comments and @kuldeep.kamboj's findings.
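
The matching rule quoted in the answer (each listed domain covers its subdomains, and localhost is always allowed), written out as an added example. This is not Disqus's code; the function names, the treatment of an empty list as unrestricted, and the sample hosts are assumptions made for illustration.

```javascript
// Added illustration: a model of the Trusted Domains rule quoted above.
// Not Disqus code; names and sample hosts are hypothetical/constructed.

// Parse the settings text: one domain per line, blank lines ignored.
function parseTrustedDomains(text) {
  return text
    .split(/\r?\n/)
    .map((line) => line.trim().toLowerCase().replace(/\.$/, ""))
    .filter((line) => line.length > 0);
}

// Return true if the page embedding the comments is covered by the list.
function isTrustedHost(pageUrl, trustedDomains) {
  let host;
  try {
    host = new URL(pageUrl).hostname.toLowerCase().replace(/\.$/, "");
  } catch (e) {
    return false; // unparsable URL: reject
  }
  // Per the update in the answer, localhost is always enabled.
  if (host === "localhost") return true;
  // Assumption: an empty list is the default, unrestricted behaviour
  // described in the question (any page can load the thread).
  if (trustedDomains.length === 0) return true;
  // Match on whole DNS labels: the host is the listed domain itself or
  // ends with "." + domain. A bare suffix test would wrongly accept
  // "notblog.disqus.com" for the entry "blog.disqus.com".
  return trustedDomains.some((d) => host === d || host.endsWith("." + d));
}

// Constructed sample: the list from the quoted help text plus test pages.
const sampleList = parseTrustedDomains("blog.disqus.com\n");
const samplePages = [
  "https://blog.disqus.com/post",           // listed domain
  "https://foo.blog.disqus.com/post",       // subdomain of listed domain
  "https://notblog.disqus.com/",            // sibling, not a subdomain
  "https://blog.disqus.com.example.net/",   // listed name used as a prefix
  "http://localhost:8000/test.html",        // always enabled
];
for (const page of samplePages) {
  console.log(page, isTrustedHost(page, sampleList) ? "allowed" : "blocked");
}
```

The localhost exception means a copied embed can still be loaded from a page served locally even after Trusted Domains is set.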

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow