At 1/5/2007 04:33 AM, Svip wrote:
I discovered that anyone have yet to discuss HEC's. So I thought I
might as well start this topic. HEC stands for "HTML Encoded
CAPTCHA". It's quite easy, it is using means of HTML and CSS to
create the image which was originally broadcasted in png/jpeg/gif or
perhaps even svg.
It is just about being creative. I know what you're thinking.
Usually you would at maximum send 3 bytes per pixel, but now weren't
going to send like fifty time as much! Yes, it is a waste of traffic,
but it has a large security scale I should imagine.
Anyway, here is a HEC, I created:
http://sviip.dk/tut/captcha.php
With respect, Svip, I think this is a terrible example of the
technique you're demonstrating. There's no reason for all the
repetitive inline styling when a few rules in a stylesheet and a few
unique class names would suffice. You could reduce the weight of
this glob of markup to a sliver of its current size.
And as long as you're using PHP's image functions, why not generate a
complete single image server-side and deliver it whole to the client?
If you're going to settle for a captcha that's inaccessible to
non-visual users -- which I think is a bad idea -- here's another
approach: output a string a characters, each in its own span,
absolutely positioned to appear in a different sequence than the
source markup. In this simple model the characters themselves aren't
obfuscated, merely their sequence. The probability of guessing the
correct sequence is fairly small -- the number of possible
combinations is N! (N factorial), i.e. 120 for five characters, 720
for six, 5040 for seven. It's much less likely that a bot would
choose the right combination than, say, select the correct item from
a list of five options. It is, however, another inaccessible
technique. We can do better.
Regards,
Paul
*******************************************************************
List Guidelines: http://webstandardsgroup.org/mail/guidelines.cfm
Unsubscribe: http://webstandardsgroup.org/join/unsubscribe.cfm
Help: [EMAIL PROTECTED]
*******************************************************************
