Re: Captcha module Version 1.1 ready for testing

[Martin Winkler]

Am Thu, 14 Jun 2007 15:51:10 -0400
schrieb Forest Bond <[EMAIL PROTECTED]>:

> You can do it without external persistence (sessions and/or database
> table) by encrypting the correct response in the image filename.

So when the request to get the image is sent to django, we have to
decrypt the solution according to the image's URL. In my
opinion that raises some problems, because it could be decrypted by
someone else too, unless you use a private/public key encryption,
which means more work on the django server than using just hashed
filenames like my approach does.

Furthermore I don't see a real reason to generate images on the
fly instead of storing them directly. My approach is quite speedy even
with auto_cleanup, when there are many captcha images sitting in the
filesystem all the time. I ran an apache benchmark test on my
development machine (not the fastest hardware) multiple times where
each of them creating 1000 captchas:

With auto_cleanup:
            captchas on disk at start    Requests per second
first run                           0                  22.82
second run                       1000                  13.06
third run                        2000                   9.16
fourth run                       3000                   7.02

Without auto_cleanup:
            captchas on disk at start    Requests per second
first run                           0                  39.05
second run                       1000                  39.45
third run                        2000                  37.27
fourth run                       3000                  38.46

disk space used for 4000 captchas: 48MB

And these are really extreme cases, since they imply that no one of the
1000 visitors in each run ever submits a form back, so its captcha image
would be deleted automatically.

If you really have concerns regarding speed, you might use a cronjob
that deletes the old captchas in the background, so the whole system
stays very responsive.

If you have a compelling reason why this solution is bad, I'll be happy
to know. Otherwise I think, I'll stick with images in the filesystem.
In my opinion it's fast for most sites even with auto_cleanup, and for
really high volume sites just disable auto_cleanup, use your own
cronjob, and everything should be ok. Right now, I just can't see a
benefit in using images created on the fly.

Martin

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---