
Re: [cgiapp] RFC: CGI::Application::Plugin::CAPTCHA


On Fri, 2005-08-26 at 14:35, Michael Peters wrote:
> Dan Horne wrote:
> > It would be nice if whatever solution is selected can run under Windows too.
> > Many memory-based caching systems are specific to *nix systems and don't
> > work with MS (particularly the IPC ones). What about supporting the
> > Cache::Cache API, and then let the developers choose which Cache::* module
> > suits?
> 
> Ok, before we go down this road, can anyone give me a good reason that
> we need to permanently store these images or even cache them? The
> CAPTCHA phrase should be random enough that we would never use the same
> image twice in a reasonable amount of time right?

Unless you require the use of cookies you need to store either the image
or the string that is in the image on the server. You need the hash when
you generate the form that is protected by the captcha and you need the
plain text that is in the image when you generate the image.

To me that leaves 2 choices:

1. Store the plain text on the server somehow, indexed by the hash. Then
generate the image as needed.

2. Generate the image and the hash at the same time and somehow save the
image so that it can be retrieved by its hash in a separate HTTP
request.

Either way there has to be persistent storage on the server. My vote is
to generate the hash and the image at the same time. Save the image to
the filesystem and let the webserver do its thing for the second HTTP
request by serving the image as static content.

If you put the info required to generate the image in the query string
of the runmode that generates the image you've just given the robots
everything they need to defeat the captcha.

-- 
Tony Fraser
suppressed
Sybaspace Internet Solutions                        System Administrator
phone: (250) 246-5368                                fax: (250) 246-5398
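
Choice 1 from the message above, as an added example that is not part of the original post or of the plugin's code: the phrase stays on the server, indexed by a hash, and the form and image URL carry only that hash. The subroutine names, the keyed HMAC used as the hash, and the temporary directory standing in for persistent storage are all assumptions.

```perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);
use File::Spec;
use File::Temp qw(tempdir);

# Assumptions: a per-site secret, and a temp dir standing in for the
# persistent server-side storage the message calls for.
my $SECRET = 'constructed-demo-secret';
my $STORE  = tempdir(CLEANUP => 1);

# Map a hash from the client to a file path; reject anything that is not
# 64 hex characters so the value cannot name a path outside the store.
sub path_for {
    my ($hash) = @_;
    return unless defined $hash && $hash =~ /\A[0-9a-f]{64}\z/;
    return File::Spec->catfile($STORE, $hash);
}

# Form runmode: choose a phrase, store it under its hash, hand back the hash.
sub new_challenge {
    my @chars  = ('A' .. 'H', 'J' .. 'N', 'P' .. 'Z', 2 .. 9);
    my $phrase = join '', map { $chars[ rand @chars ] } 1 .. 6;  # demo RNG only
    my $hash   = hmac_sha256_hex(join(':', $phrase, time(), $$, rand()), $SECRET);
    open my $fh, '>', path_for($hash) or die "store: $!";
    print {$fh} $phrase;
    close $fh or die "store: $!";
    return $hash;
}

# Image runmode: look the phrase up by hash and render it (rendering omitted).
sub phrase_for {
    my $path = path_for(shift) or return;
    open my $fh, '<', $path or return;
    my $phrase = <$fh>;
    return $phrase;
}

# Submit runmode: single use, so the entry is deleted before comparing.
sub check_answer {
    my ($hash, $answer) = @_;
    my $phrase = phrase_for($hash);
    return 0 unless defined $phrase && defined $answer;
    unlink path_for($hash);
    return uc($answer) eq $phrase ? 1 : 0;
}

my $hash   = new_challenge();
my $phrase = phrase_for($hash);    # what the image runmode would draw
print "form field and image URL carry only: $hash\n";
print "malformed hash rejected\n" unless defined phrase_for('../outside-the-store');
print "correct answer accepted\n" if check_answer($hash, lc $phrase);
print "replay rejected\n"         unless check_answer($hash, $phrase);
```

Because the hash is keyed and includes per-request values, the short phrase cannot be recovered from it by guessing, which is the property the query-string design described above lacks.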

