On 11 Feb 2008, at 18:36, jbv wrote:
Here's my question : in order to prevent ppl to register hundreds of times automatically, or simply to hinder hackers to send large amounts of automatic cgi requests and to clutter mySQL tables with useless registrations, I've been asked to think about some protection.
Most Web forms validate the entry, eg. to be a valid e-mail address there has to be an @ in it, and it has to end in a toplevel domain. Many also store e-mails in addition to logins, and you're not really registered until you click an automatic generated link in the e-mail they send you.
The best Method known to me is the "captcha" <http://en.wikipedia.org/wiki/Captcha >. Basically you show an image of distorted and crossed out text, and the user has to enter what he reads. But these images have to be generated randomly, and this isn't really simple to do with any http- server software. Also the Way you distord and add lines need to follow some rules, otherwise it's easily circumvented.
Another (similar) approach is this: You need many pictures of a few things, and store what thing the picture shows. Then you show 9 of them, asking the user to click on the dog (or whatever). Obviously nothing in the picture's url should point out what kind of thing it shows for this to work. Also there should be only one dog (or whatever) at a time. Fuzzy animals work best for this (kittens, young dogs, rabbits, etc.), because they "blend" into the background, and currently computers can't distinguish cat's from dog's, so no hacker can spoil this (yet). Obviously simple and clearly coloured geometric shapes are not ideal. Note that this is less secure then the text approach above, but of course it's infinitely more cute. :)
These are the three methods I'd choose one from to use myself. Björnke -- official ChatRev page: http://chatrev.bjoernke.com Chat with other RunRev developers: go stack URL "http://homepage.mac.com/bvg/chatrev1.3.rev"; _______________________________________________ use-revolution mailing list [email protected] Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-revolution
