> -----Original Message-----
> From: Andrew Ballard [mailto:aball...@gmail.com]
> Sent: Thursday, September 09, 2010 11:22 AM
> To: Jack
> Cc: PHP
> Subject: Re: [PHP] Show text without converting to html
> It will protect against a (possibly large?) percentage of those that are
> looking for the lowest hanging fruit. I have a few reasons that feed my
> doubts about its effectiveness:
> - The most common answer you find when you search for e-mail
> obfuscation is something similar to what you've shown, whether it uses
> HTML character entities, numeric entities, or a combination of the two.
> - The overhead to convert frankly isn't that high. I realize that in the case
> a harvester you are multiplying that overhead by the sheer volume of
> content being processed, but given the speed of processors I don't think
> that matters much anymore.
> - There are simple ways to minimize the overhead. For example, a script
> does not have to decode an entire page; it only has to look for anchor tags
> and decode the contents of the href attribute of each tag found.
> Combine these and I don't think this obfuscation technique adds enough
> cost to be much of a barrier. Of course, this is just my opinion.
> Those who write harvesters might be lazier than I give them credit.
I think it all depends on the value of the crop(s) to be harvested.. ;)
As for performance, even the speed of the processors are much faster today
than before, it will affect performance depending on # of hits. In addition,
the bandwidth consumption will increase considerably on a heavy traffic site
with all the extra characters for obfuscation, especially if you're on a capped
hosting service. If you have something you want to safeguard, IMO, use
authentication. Or you could try to create a monitoring mechanism to detect
any unwanted behavior and deny the request(s).
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php