[PHP] Preventing automated account creation
Hi, I have been investigating ways of preventing automated account creation on the e-commerce system I am currently working on. Obviously I have seen the graphical solutions to this problem, a small image containing several letters and numbers which must be typed in by the user to confirm account creation. However, this (it seems to me) is a bit overkill for what is a pretty small client, I'm not entirely sure it's a good use of time to create this script solely for them, does anyone know of anything pre-packaged? Furthermore is it really worth doing this, what risks do automated account creation present to an e-commerce site? Tom Williams, Digital Data
Re: [PHP] Preventing automated account creation
[EMAIL PROTECTED] wrote: Hi, I have been investigating ways of preventing automated account creation on the e-commerce system I am currently working on. Obviously I have seen the graphical solutions to this problem, a small image containing several letters and numbers which must be typed in by the user to confirm account creation. However, this (it seems to me) is a bit overkill for what is a pretty small client, I'm not entirely sure it's a good use of time to create this script solely for them, does anyone know of anything pre-packaged? Furthermore is it really worth doing this, what risks do automated account creation present to an e-commerce site? Google CAPTCHA for those verify image scripts. I hope you are kidding about this what risks do automated account creation present to an e-commerce site. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Preventing automated account creation
[EMAIL PROTECTED] wrote: Hi, I have been investigating ways of preventing automated account creation on the e-commerce system I am currently working on. Obviously I have seen the graphical solutions to this problem, a small image containing several letters and numbers which must be typed in by the user to confirm account creation. However, this (it seems to me) is a bit overkill for what is a pretty small client, I'm not entirely sure it's a good use of time to create this script solely for them, does anyone know of anything pre-packaged? Furthermore is it really worth doing this, what risks do automated account creation present to an e-commerce site? Tom Williams, Digital Data Well, CAPTCHA ( http://en.wikipedia.org/wiki/Captcha) is a pretty neat solution ( http://www.pear.php.net/package/Text_CAPTCHA ). You can also generate random numbers (www.php.net/rand www.php.net/mt_rand) and combining it with this PEAR package http://www.pear.php.net/package/Numbers_Words which is also a good solution. The pass-string if I can call it so is best to be kept as a session variable, since it's stored on the server-side and the user can't view it. Storing its hash in a cookie can be also pretty fine, but storing it in a GET variable is more than stupid. Hope this helps, -- Josip Dzolonga http://josip.dotgeek.org jdzolonga[at]gmail.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Preventing automated account creation
Well, CAPTCHA ( http://en.wikipedia.org/wiki/Captcha) is a pretty neat solution ( http://www.pear.php.net/package/Text_CAPTCHA ). You can also generate random numbers (www.php.net/rand www.php.net/mt_rand) and combining it with this PEAR package http://www.pear.php.net/package/Numbers_Words which is also a good solution. The pass-string if I can call it so is best to be kept as a session variable, since it's stored on the server-side and the user can't view it. Storing its hash in a cookie can be also pretty fine, but storing it in a GET variable is more than stupid. http://phpsec.org/articles/2005/text-captcha.html is a good primer on how to use CAPTCHA effectively HTH, Mikey -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php