On Mon, 2009-12-07 at 20:33 +0100, Stephan Beal wrote:
> So i added a button to the login screen called "Auto-fill Password",
> which copies the captcha hex code into the password field and fills
> out the user name as "anonymous". The captcha's value _is_ stored in
> the HTML code for the button, but a bot would literally need to
> simulate a click on the button, followed by the Login button, to get
> by it.

So a general-purpose stupid-bot probably won't get through. But it would only take a few minutes to write a fossil repo-scraping bot if this were implemented. Granted that the existing captcha provides little protection and shouldn't be relied upon for security, I still wouldn't want to poke holes in the condom here.

-- 
Joshua Paine
LetterBlock: Web applications built with joy
http://letterblock.com/
301-576-1920

