Tony Fraser wrote:
> On Fri, 2005-08-26 at 15:42, Rhesa Rozendaal wrote:
>
>>>If you put the info required to generate the image in the query string
>>>of the runmode that generates the image you've just given the robots
>>>everything they need to defeat the captcha.
>>
>>
>>Depends on the form in which you pass that information. If you use a
>>decent two-way encryption, there's no harm in my opinion. That way you
>>don't even have to store anything on the server: pass the encrypted text
>>both in the form (hidden) and in the captcha_create url. When you get
>>the form data, see if encrypted and plaintext match. Simple and clean.
>
>
> Hmmm... Now that's a good idea. I guess I was stuck on using a Digest as
> opposed to a 2-way encryption.
>
> Using Crypt::Blowfish or Crypt::CBC even (let the user chose the
> algorithm) you wouldn't need any permanent storage.
++
Just pick a reasonable default and then allow some mechanism that
someone can use if they need to override it.
--
Michael Peters
Developer
Plus Three, LP
---------------------------------------------------------------------
Web Archive: http://www.mail-archive.com/suppressed/
http://marc.theaimsgroup.com/?l=cgiapp&r=1&w=2
To unsubscribe, e-mail: suppressed
For additional commands, e-mail: suppressed
Mail converted by mhonarc 2.6.15
This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.