True, Paul, I did actually copy a code I wrote a CAPTCHA image to HEC. Actually, I won't use HEC myself, I just thought I'd share an example. Despite being a very bad example.
However, your idea was quite good. Except of course with the inaccessible issue. However, some sites appeal to people who can see, where it may come in handy. Regards, Svip On 1/5/07, Paul Novitski <[EMAIL PROTECTED]> wrote:
At 1/5/2007 04:33 AM, Svip wrote: >I discovered that anyone have yet to discuss HEC's. So I thought I >might as well start this topic. HEC stands for "HTML Encoded >CAPTCHA". It's quite easy, it is using means of HTML and CSS to >create the image which was originally broadcasted in png/jpeg/gif or >perhaps even svg. > >It is just about being creative. I know what you're thinking. >Usually you would at maximum send 3 bytes per pixel, but now weren't >going to send like fifty time as much! Yes, it is a waste of traffic, >but it has a large security scale I should imagine. > >Anyway, here is a HEC, I created: >http://sviip.dk/tut/captcha.php With respect, Svip, I think this is a terrible example of the technique you're demonstrating. There's no reason for all the repetitive inline styling when a few rules in a stylesheet and a few unique class names would suffice. You could reduce the weight of this glob of markup to a sliver of its current size. And as long as you're using PHP's image functions, why not generate a complete single image server-side and deliver it whole to the client? If you're going to settle for a captcha that's inaccessible to non-visual users -- which I think is a bad idea -- here's another approach: output a string a characters, each in its own span, absolutely positioned to appear in a different sequence than the source markup. In this simple model the characters themselves aren't obfuscated, merely their sequence. The probability of guessing the correct sequence is fairly small -- the number of possible combinations is N! (N factorial), i.e. 120 for five characters, 720 for six, 5040 for seven. It's much less likely that a bot would choose the right combination than, say, select the correct item from a list of five options. It is, however, another inaccessible technique. We can do better. Regards, Paul ******************************************************************* List Guidelines: http://webstandardsgroup.org/mail/guidelines.cfm Unsubscribe: http://webstandardsgroup.org/join/unsubscribe.cfm Help: [EMAIL PROTECTED] *******************************************************************
******************************************************************* List Guidelines: http://webstandardsgroup.org/mail/guidelines.cfm Unsubscribe: http://webstandardsgroup.org/join/unsubscribe.cfm Help: [EMAIL PROTECTED] *******************************************************************
