On Fri, 2005-08-26 at 15:42, Rhesa Rozendaal wrote:
> > If you put the info required to generate the image in the query string
> > of the runmode that generates the image you've just given the robots
> > everything they need to defeat the captcha.
>
>
> Depends on the form in which you pass that information. If you use a
> decent two-way encryption, there's no harm in my opinion. That way you
> don't even have to store anything on the server: pass the encrypted text
> both in the form (hidden) and in the captcha_create url. When you get
> the form data, see if encrypted and plaintext match. Simple and clean.
Hmmm... Now that's a good idea. I guess I was stuck on using a Digest as
opposed to a 2-way encryption.
Using Crypt::Blowfish or Crypt::CBC even (let the user chose the
algorithm) you wouldn't need any permanent storage.
--
Tony Fraser
suppressed
Sybaspace Internet Solutions System Administrator
phone: (250) 246-5368 fax: (250) 246-5398
---------------------------------------------------------------------
Web Archive: http://www.mail-archive.com/suppressed/
http://marc.theaimsgroup.com/?l=cgiapp&r=1&w=2
To unsubscribe, e-mail: suppressed
For additional commands, e-mail: suppressed
Mail converted by mhonarc 2.6.15
This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.