[nycphp-talk] can anyone recommend a good captcha?
Daniel Convissor
danielc at analysisandsolutions.com
Thu Aug 26 13:34:16 EDT 2004
Hey John:
On Thu, Aug 26, 2004 at 12:35:33PM -0400, John Coggeshall wrote:
> What I mean is, you can probably get away with a
> text-based captcha
Agreed. When the php.net bug system got comment spammed a month or so
ago, I quickly set up a text based CAPTCHA system for pear.php.net.
As it turned out, Derrick said the attacker scraped the pages before
submitting, which could have defeated a text based system.
> Rather, if someone
> is looking to do that they will setup a porn site and make people type
> in the word they see in the box in order to see their porn and go that
> route -- which is exactly what happens with Yahoo!
Yep. That's a clever workaround. No security is impenetrable.
That reminds me, I wanted to add a time check to the system... (hack,
hack, hack, commit).
Thanks,
--Dan
--
T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
data intensive web and database programming
http://www.AnalysisAndSolutions.com/
4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409
More information about the talk
mailing list