Hi, all!

i've just added a feature which is highly arguable and therefore i want to
check the general opinion on the topic before i commit it:

When logging in as the anonymous user, it is painful to not be able to
copy/paste the captcha into the login field. In my experience a simple
text-based captcha works as well as a graphic if the captcha text is muddled
with text a user won't see but a bot would, e.g. a captcha of ABCD can be
rendered from javascript one letter at a time, and a bot won't be able to
figure out that it creates a readable captcha string.

So i added a button to the login screen called "Auto-fill Password", which
copies the captcha hex code into the password field and fills out the user
name as "anonymous". The captcha's value _is_ stored in the HTML code for
the button, but a bot would literally need to simulate a click on the
button, followed by the Login button, to get by it. Few, if any, bots
process javascript, and those who do would have to know the order to click
the buttons to get logged in. i.e. the chances are near 0 that the captcha
could be bot-abused even though it's stored as a plain string within the
HTML form code.

If there are no strong feelings _against_ this, i'll go ahead and commit it.

This "feature" can currently be seen in action over at:

http://fossil.wanderinghorse.net

-- 
----- stephan beal
http://wanderinghorse.net/home/stephan/
_______________________________________________
fossil-users mailing list
[email protected]
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users