On Sunday 11 February 2007 20:37, Peter Sawczynec wrote: > The use of the captcha technique has become a type of industry standard.
"Industry standard" is very important thing to be considered. Basically one would not use non-industry standards too much. However certain changes are allowed. Certain captchas can be like small question-answers i.e ( 5 + 5 - 7 = ?). These question should not be complex so that it will require lot of thinking or calculation at user end :). Just simple question like this are enough. You can create standard 100 questions like this and use them randomly. And then there are other capchas suggested by Tedd. For e-mail validations etc. I recommend "check your mail box and click link mentioned in email" because even if online validation could work properly, it doesn't guarantee that the email address filled in by user really belongs to him/her no matter whether it is correct or not. However combination of both techniques is also good where 1st you will try to check whether input email address exists or not. If not then alert user from there and no need to send confirmation email. But if exists then send confirmation email. Still sending only confirmation email is best technique but online validation is helpful specially where you need to check whether any given email address is real or not. Anirudh Zala (30% of Internet traffic is wasted by unnecessary tabs and spaces.) > > I have found customers to quickly recognize and endorse this technique. > The Pro PHP Security guidebook offers an elegant deployment of this > solution. > Plus, I thought, that email validation(s) by any technique is fraught > with > delays, failures and spoofing, likely making it too unreliable to use at > this > potentially important new customer juncture. > > Warmest regards, > > Peter Sawczynec > Technology Dir. > Sun-code.com > Web related services > 646.316.3678 > [EMAIL PROTECTED] > > > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > On Behalf Of Jiju Thomas Mathew > Sent: Sunday, February 11, 2007 8:35 AM > To: NYPHP Talk > Subject: Re: [nyphp-talk] capricious submission of forms > >> > Does anyone have any suggestions other then captcha. > > I do think partial use of email address validations using SMTP connect > would restrict a lot of these bogus mail subscriptions. you should find > a neat article here http://www.zend.com/zend/spotlight/ev12apr.php -- _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php
