Björnke von Gierke wrote:
On 11 Feb 2008, at 18:36, jbv wrote:

Here's my question: in order to prevent ppl from registering hundreds of times automatically, or simply to hinder hackers from sending large amounts of automatic CGI requests and cluttering MySQL tables with useless registrations, I've been asked to think about some protection.

The best method known to me is the "captcha" <http://en.wikipedia.org/wiki/Captcha>. Basically you show an image of distorted and crossed-out text, and the user has to enter what he reads. But these images have to be generated randomly, and this isn't really simple to do with any http-server software. Also, the way you distort and add lines needs to follow some rules, otherwise it's easily circumvented.

Actually a "soft" way of generating random images (relatively random) is to simply sit in Photoshop and, for as long as you find it interesting, create images of words and name them

1.gif
2.gif
3.gif
#
24.gif

and then the CGI that dynamically generates your page has only to do a simple

put (random(24))&".gif" into tImage

and load this string into your form template and you are done.

You obviously need to keep note of the words you have created and use that list in your validation routine.

I sent the full "recipe" to jbv off list (for security reasons, since these archives are searchable on the web...)

Obviously hackable over time if someone has a real strong intent to get thru your forms, but strong enough to stop the bots...








_______________________________________________
use-revolution mailing list
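
An added example, not part of the thread and not the "recipe" mentioned above: a sketch of the validation side of the pre-made-image scheme, written in Python rather than Revolution script. It binds each form to the image that was issued and accepts one attempt per challenge, so a solved image/word pair cannot be replayed; the word list, `SECRET`, `TTL` and the function names are all assumptions.

```python
import hashlib, hmac, secrets, time

SECRET = secrets.token_bytes(32)   # assumption: server-side key, never sent to the browser
# Constructed sample of the word list: image number -> word drawn in <number>.gif
ANSWERS = {1: "maple", 2: "orbit", 3: "candle"}
TTL = 300                          # assumption: a challenge is valid for 5 minutes
_used = set()                      # tokens already submitted (in-memory for the demo)

def _mac(payload):
    return hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()

def issue_challenge(now=None):
    """Pick an image at random; return (image_number, token) for the form."""
    now = int(time.time() if now is None else now)
    n = secrets.choice(list(ANSWERS))
    payload = f"{n}.{now + TTL}.{secrets.token_hex(8)}"
    return n, f"{payload}.{_mac(payload)}"

def validate(token, typed, now=None):
    """True only for an unexpired, unused, untampered token with the right word."""
    now = int(time.time() if now is None else now)
    try:
        n, expires, nonce, mac = token.split(".")
        if not hmac.compare_digest(mac.encode(), _mac(f"{n}.{expires}.{nonce}").encode()):
            return False
        if now > int(expires) or token in _used:
            return False
        answer = ANSWERS[int(n)]
    except (ValueError, KeyError):
        return False
    _used.add(token)               # one attempt per challenge, right or wrong
    return hmac.compare_digest(typed.strip().lower().encode(), answer.encode())

if __name__ == "__main__":
    n, token = issue_challenge()
    print(f"show {n}.gif, hidden field = {token}")
    print(validate(token, ANSWERS[n]))   # first submission
    print(validate(token, ANSWERS[n]))   # same token again
```

The token goes into a hidden form field next to the image; in a real CGI the used-token set would live in the database, since each request is a new process.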