* Michael Peters <suppressed> [2005-08-26 17:35:04-0400]
> Dan Horne wrote:
> > It would be nice if whatever solution is selected can run under Windows too.
> > Many memory-based caching systems are specific to *nix systems and don't
> > work with MS (particularly the IPC ones). What about supporting the
> > Cache::Cache API, and then let the developers choose which Cache::* module
> > suits?
>
> Ok, before we go down this road, can anyone give me a good reason that
> we need to permanently store these images or even cache them? The
> CAPTCHA phrase should be random enough that we would never use the same
> image twice in a reasonable amount of time right?

After following this thread, I feel I have to jump in here to give
my 0.02EUR. First of all, I think CAPTCHAs are horrible in every way
possible:

* Images are just bad:
  Either the images are completely unreadable (see my blog
  entry[1] on that), or they are "too easy" to crack[2].

* False sense of security:
  "Spammers can pay a programmer to aggregate these images and feed
  them one by one to a human operator, who could easily verify
  hundreds of them each hour." [3]

* Punishment for the wrong group of people:
  Visually impaired people (or heck, Links/Lynx users for that
  matter) really wouldn't like CAPTCHAs, for it clearly just bans
  them. Audio files need to be created too (and I think in the US
  there's even a law about this? Correct me if I'm wrong).
  After recently coming back from the Asian continent, I can also
  tell you browsing the web with images turned off (thanks Firefox!)
  is more a necessity than a pleasure. Internet speeds (if even) are
  extremely slow; CAPTCHA images would be punishing those people too
  (or anyone with a slow connection).

* Annoying:
  Certainly not the last reason: CAPTCHAs are beyond annoying.
  Just because _you_ seem to have some problems keeping spammers out,
  you force me (the user/client) to do all sorts of tricks for you.

So yeah, I don't really like such systems ;-) I'd rather see
different solutions to stopping spam or whatever reason was behind
your CAPTCHA idea.

But, besides me disliking it, I strongly believe the images have no
need on the server. A single encrypted string in the user's session
(database/file) would be sufficient IMHO. The user only needs to see
the image once, right?

1. http://menno.b10m.net/nb/archives/2005/04/22/T16_56_47/index.html
2. http://sam.zoy.org/pwntcha/
3. http://www.w3.org/TR/turingtest/#security
--
B10m
'Google is Evil'
-rw-rw-rw- 1 satan demons 0 Jun 06 06:06 google
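
The suggestion in the message above, that the session only needs to hold a string derived from the phrase rather than a stored or cached image, sketched as an added example (not code from this thread or from any CGI::Application plugin). It keeps a keyed digest (HMAC-SHA256) in place of an encrypted string; the function names, the key placeholder, the 300-second lifetime and the case-insensitive comparison are assumptions.

```perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);    # core module, no IPC or shared cache needed

# Constructed placeholder; a real deployment loads a random secret from config.
my $SERVER_KEY = 'PLACEHOLDER-load-a-random-secret-from-config';
my $TTL        = 300;    # seconds a challenge stays valid (assumed value)

# Keep only a keyed digest of the phrase in the session. The image is rendered
# once from $phrase and streamed to the browser, never written to disk.
sub issue_challenge {
    my ($session, $phrase, $now) = @_;
    $session->{captcha} = {
        digest  => hmac_sha256_hex(lc($phrase), $SERVER_KEY),
        expires => $now + $TTL,
    };
    return;
}

# Compare without an early exit so timing does not reveal matching prefixes.
sub constant_time_eq {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
}

# One attempt per challenge: the entry is deleted before it is checked, so a
# wrong guess or a replayed form post forces a fresh image.
sub verify_challenge {
    my ($session, $answer, $now) = @_;
    my $c = delete $session->{captcha} or return 0;
    return 0 if $now > $c->{expires};
    return 0 unless defined $answer && length $answer;
    return constant_time_eq(hmac_sha256_hex(lc($answer), $SERVER_KEY), $c->{digest});
}

# Constructed walk-through; a plain hash stands in for the session store.
my %session;
my $t0 = time;
issue_challenge(\%session, 'k7Qm2x', $t0);
print "correct answer: ", (verify_challenge(\%session, 'K7qM2X', $t0 + 10) ? "accepted" : "rejected"), "\n";
print "replayed post:  ", (verify_challenge(\%session, 'K7qM2X', $t0 + 11) ? "accepted" : "rejected"), "\n";
issue_challenge(\%session, 'p9Ld4w', $t0);
print "after expiry:   ", (verify_challenge(\%session, 'p9Ld4w', $t0 + $TTL + 1) ? "accepted" : "rejected"), "\n";
```

Because the digest lives in the server-side session and is consumed on first use, nothing about the phrase reaches the client except the image itself, and no image file or cache entry outlives the request.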