Re: [cgiapp] RFC: CGI::Application::Plugin::CAPTCHA

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cgiapp] RFC: CGI::Application::Plugin::CAPTCHA

Subject: Re: [cgiapp] RFC: CGI::Application::Plugin::CAPTCHA
Date: Sat, 27 Aug 2005 00:42:06 +0200
From: Rhesa Rozendaal <suppressed>

Tony Fraser wrote:

On Fri, 2005-08-26 at 14:35, Michael Peters wrote:


Ok, before we go down this road, can anyone give me a good reason that
we need to permanently store these images or even cache them? The
CAPTCHA phrase should be random enough that we would never use the same
image twice in a reasonable amount of time right?



Time to add my two cents:

1) since the whole business is about preventing spamming, saving imageson disk is actually a BAD idea: if a robot hits your script repeatedly,you'd end up with tons of uselessly generated images, which waste bothprocessing power and disk space.

2) Since these images get used once, and only once, it makes perfectsense to only generate them when they're really needed.


I think that puts me firmly in Michaels camp :)

To me that leaves 2 choices:

1. Store the plain text on the server somehow, indexed by the hash. Then
generate the image as needed.

2. Generate the image and the hash at the same time and somehow save the
image so that it can be retrieved by its hash in a separate HTTP
request.

The plaintext string would be what, 8 bytes? How big would the image be,3Kb? Easy choice there.

If you put the info required to generate the image in the query string
of the runmode that generates the image you've just given the robots
everything they need to defeat the captcha.

Depends on the form in which you pass that information. If you use adecent two-way encryption, there's no harm in my opinion. That way youdon't even have to store anything on the server: pass the encrypted textboth in the form (hidden) and in the captcha_create url. When you getthe form data, see if encrypted and plaintext match. Simple and clean.


Rhesa



---------------------------------------------------------------------
Web Archive:  http://www.mail-archive.com/suppressed/
             http://marc.theaimsgroup.com/?l=cgiapp&r=1&w=2
To unsubscribe, e-mail: suppressed
For additional commands, e-mail: suppressed

Follow-Ups:
- Re: [cgiapp] RFC: CGI::Application::Plugin::CAPTCHA
  - From: Tony Fraser

References:
- RE: [cgiapp] RFC: CGI::Application::Plugin::CAPTCHA
  - From: Dan Horne
- Re: [cgiapp] RFC: CGI::Application::Plugin::CAPTCHA
  - From: Michael Peters
- Re: [cgiapp] RFC: CGI::Application::Plugin::CAPTCHA
  - From: Tony Fraser

Prev by Date: RE: [cgiapp] RFC: CGI::Application::Plugin::CAPTCHA
Next by Date: Re: [cgiapp] RFC: CGI::Application::Plugin::CAPTCHA
Previous by thread: RE: [cgiapp] RFC: CGI::Application::Plugin::CAPTCHA
Next by thread: Re: [cgiapp] RFC: CGI::Application::Plugin::CAPTCHA
Index(es):
- Date
- Thread

Mail converted by mhonarc 2.6.15
This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.