-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi,
Legend has it that on 06/10/2014 22:35, the fair wind whisper'd the words of Ron W: > It is doable, but a bot would still be able to read and interpret > it. Theoretically speaking, making an automatic captcha solver for Fossil's current ascii art captcha is not really hard to do. The question is how far is anyone willing to go to defeat any captcha? I have been using a very simple solution to keep out spammers for a few years now, alongside the math puzzles. My registration form has a checkbox, that simply says "I am a spammer". Most bots select and check form controls, just in case the form needs it to be checked when validating. Of course, if this checkbox is checked, the site is not going to accept the form submission. These are very easy to defeat, but the site has to be specifically targeted. If that happens, it is trivial to log in with a manually created account and create havoc. > Assuming any of the existing CAPTCHA services support a mode of > operation where Fossil could generate an encrypted URL to include > in the registration page (as opposed to Fossil sending a request to > the service), then I would suggest that the best way for Fossil to > support CAPTCHAs for the visually impaired would be to provide the > needed TH1 primitives to enable a TH1 script to generate the > required HTML and encrypted "secret string" to include in the > registration page. While they can be great (see Akismet), I'd rather not use captcha services outside Fossil. Rob -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQEcBAEBAgAGBQJUMw7uAAoJEJV7oeIt3hbRHBIH/ApOj4gcl8sWJu3jxe/U24jt QFpAVlAqiC8fSifzHDCEKiA8JIokV+mtGwm6uksj+NGv4EMCyUX1CwyzCni1x2LZ 3d3rOVT2+72TRnNAKAccLDmBBy3tTwIvG6Ebk6R3p0jO1pvSdgyO4PIu/rtFY4OA o7n0yDOysQiK/ahkUZXlY4yqh2ak99pZ9GJUYb5NN1aRTf3p+LacuRD0ryIP0pjQ Z7Rfth2oiwTYgriCThF+nJ8By+OarJ3n7BZB9sscICLgoZULhnk2FyMTg14RNxYV U2s/FAwZeGhOp4qB5ZJyGwRvwGz4hwTfpUUcn/zcDYrEUgFp0FKqQBHLUtBG8qc= =0w+0 -----END PGP SIGNATURE----- _______________________________________________ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
