Results 1 to 25 of 73
  1. #1
    ********* Articles ArticleBot's Avatar
    Join Date
    Apr 2001
    Posts
    1
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Article Discussion

    This is an article discussion thread for discussing the SitePoint article, "Toughen Forms' Security with an Image"

  2. #2
    gingham dress, army boots... silver trophy redux's Avatar
    Join Date
    Apr 2002
    Location
    Salford / Manchester / UK
    Posts
    4,838
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    nowhere in the article do you actually call these images by their more common name: CAPTCHAs http://en.wikipedia.org/wiki/Captcha

    and before everybody rushes off to implement them, it's worth considering the accessibility implications: out of the box, this proposed system shuts out anybody who can't actually see the image (visually impaired / blind users, for instance).

  3. #3
    Keep it simple, stupid! bokehman's Avatar
    Join Date
    Jul 2005
    Posts
    1,935
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Who cares if it shuts out blind and visually impaired users? It's much more important to have an up-to-date website with the latest fad, right?

    Actually I am joking! If you want a ready-to-run CAPTCHA script and have audio back-up redundancy for blind users, check out my signature.

  4. #4
    SitePoint Addict Quaint's Avatar
    Join Date
    May 2004
    Location
    Netherlands
    Posts
    219
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Please give the man a break.. I mean, even though CAPTCHA isn't really user (visually impaired user) friendly, people can learn a whole lot from this nice tutorial! I think you could imagine that many programmers wonder how these things are created and end up here.. The tutorial is fine! What is really missing is an explanation of the negative side of using CAPTCHA..

    The CAPTCHA package (with audio variant) you give in your signature (http://bokehman.com/captcha_verification) is REALLY nice, but let's face it.. There's probably a better version of whatever you code already out there on the internet.. However as I've said before having these kind of tutorials is nice too ...

  5. #5
    SitePoint Member
    Join Date
    Feb 2005
    Location
    Zurich, Switzerland
    Posts
    1
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Yesterday, I attended a speech by Jitendra Malik (UC Berkeley) about computer vision and object recognition. Just for the heck of it he tried his algorithms on captchas and reached a >90% hit rate, even though his sample captchas were way harder to read than these ones (nonlinear distortion, more noise and clutter). I guess it won't take too long until his work will be available as part of a spam script.

    But there is an even simpler way to solve captchas by using a man in the middle attack: For example, create a porn page where, whenever a user wants to see the next picture, he has to "solve" a looped-through captcha.

    I just found out that wikipedia offers all this information as well so if you want more details, follow redux' link. :-)

  6. #6
    One website at a time mmj's Avatar
    Join Date
    Feb 2001
    Location
    Melbourne Australia
    Posts
    6,282
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    The title of this article is very misleading as it implies that CAPTCHA are a security measure, when in fact they are not. If your idea of security is "a human can be trusted but a computer cannot", you have some problems.

  7. #7
    SitePoint Addict
    Join Date
    Nov 2005
    Posts
    327
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by mmj
    The title of this article is very misleading as it implies that CAPTCHA are a security measure, when in fact they are not. If your idea of security is "a human can be trusted but a computer cannot", you have some problems.
    True. It's more of an anti-spam measure than a security measure. Its best use is to prevent repeated automated form submissions.

  8. #8
    SitePoint Member
    Join Date
    Nov 2005
    Posts
    1
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks for all the feedback everyone - much appreciated.

    Redux - I should have named them as Captchas, thanks for adding the link to the wiki page though.

    I did think about the lack of accessibility for blind users but for this example I didn't want to overcomplicate things - particularly I wanted to demonstrate the PHP/GD side of creating them. I'll look to produce a follow-up to this article which addresses the accessibility issue.

  9. #9
    Keep it simple, stupid! bokehman's Avatar
    Join Date
    Jul 2005
    Posts
    1,935
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Quaint
    Please give the man a break...
    I agree. Edward Eliot's article is informative and interesting even for people not in the slightest bit interested in CAPTCHA. There is something for everyone: classes and objects, use of the GD library and a good explanation of how the code works.
    Quote Originally Posted by Quaint
    The CAPTCHA package (with audio variant) you give in your signature...
    I got that together because I was fed up listening to people complaining about the accessibility issues but doing nothing to help. When something is very fashionable it is hard to tell people not to use it because it causes problems for < 1% of users.
    Quote Originally Posted by Quaint
    There's probably a better version of whatever you code already out there on the internet.
    Probably, but I like to write my own scripts because I enjoy it.

    Quote Originally Posted by Maarten Manders
    But there is an even simpler way to solve captchas by using a man in the middle attack: For example, create a porn page where, whenever a user wants to see the next picture, he has to "solve" a looped-through captcha.
    I'm sure that's a joke. Isn't it?

  10. #10
    SitePoint Addict Quaint's Avatar
    Join Date
    May 2004
    Location
    Netherlands
    Posts
    219
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    @bokehman
    Lol, didn't even realise you posted the reply.. I looked at your script yesterday and e-mailed you (saying I loved it, remember).. It's only now when looking back at the thread I recognise your name

    Nice going Bokeh!!

    Quaint Tech
    - Blog on web development and web technology.

  11. #11
    perfect = good enough peach's Avatar
    Join Date
    Jun 2004
    Location
    -Netherlands-
    Posts
    1,383
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    It's not a great captcha though, some bots can easily read the image at the end of your article.

    To test your captcha image you could for instance see what WhatTheFont can read from it: http://www.myfonts.com/WhatTheFont/

    Just a few grey lines won't break it.

  12. #12
    SitePoint Addict
    Join Date
    Nov 2005
    Posts
    327
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Richard Heyes' solution to the usability issue is to print out a number as a word on the page and require the user to enter it as a number. For example, if the captcha is "two thousand five hundred twenty eight", the user would type "2528".

  13. #13
    Tom
    SitePoint Community Guest
    I have excellent close-up vision but I'm still having issues reading the captcha, what about users with poor sight?

  14. #14
    Julian
    SitePoint Community Guest
    It would be better to have the site name somewhere in the image, so it can't be used by spammers on other sites.

  15. #15
    SitePoint Wizard silver trophy someonewhois's Avatar
    Join Date
    Jan 2002
    Location
    Canada
    Posts
    6,364
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Converting "two thousand five hundred twenty eight" to "2538" isn't that difficult.

  16. #16
    SitePoint Addict
    Join Date
    Nov 2005
    Posts
    327
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by someonewhois
    Converting "two thousand five hundred twenty eight" to "2538" isn't that difficult.
    It could be if the machine doesn't realize it's a captcha and not part of the page content.

  17. #17
    SitePoint Addict will_'s Avatar
    Join Date
    Apr 2004
    Location
    Asheville, NC
    Posts
    206
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Seems like a very long path to go down in order to break a site's accessibility.

  18. #18
    Anonymous
    SitePoint Community Guest
    I'd agree it is not very accessible if images are turned off or the user has problems viewing the digits.

    Then obviously you'd require an alt attribute at the minimum, possibly the title too.

  19. #19
    SitePoint Member
    Join Date
    Mar 2003
    Location
    Urbana, MD
    Posts
    7
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I'm with "will_". Why are we still discussing forms of CAPTCHA? Write an article on how to do a good Turing test without obscured images and accessibility problems, please. Or at least with accessible fallbacks.

  20. #20
    SitePoint Enthusiast
    Join Date
    Sep 2005
    Posts
    44
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Just reading the title of this article gave me an idea.

    Rather than using captchas, we could have pre-stored images of well known animals or items, like "cat", "dog", "bird" etc... with a drop down menu corresponding to the available images.

    The server would then send an image to the form at random and the user would have to select from the drop down menu the corresponding name.

    The image would be embedded into the HTML file. (see http://www.bennherrera.com/EmbeddedImage/)

    --------
    Another solution could be to use some javascript and AJAX to ensure that the user is "real" and not a robot.

    Something like, the user has to click on a button that will activate a javascript "alert" box that will contain a code generated on the server and pulled in using AJAX. (so there is no way to see the code unless you activate the "alert" box.)

    There may be holes in this approach, but thought I would mention it anyway, so someone else can improve on it.
    Last edited by wwms; Apr 18, 2006 at 20:09.
    www.SQLrecipes.com A free cookbook for SQL recipes.

  21. #21
    SitePoint Addict
    Join Date
    Nov 2005
    Posts
    327
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by wwms
    Just reading the title of this article gave me an idea.

    Rather than using captchas, we could have pre-stored images of well known animals or items, like "cat", "dog", "bird" etc... with a drop down menu corresponding to the available images.

    The server would then send an image to the form at random and the user would have to select from the drop down menu the corresponding name.
    I like this idea, but...

    Quote Originally Posted by wwms
    The image would be embedded into the HTML file. (see http://www.bennherrera.com/EmbeddedImage/)
    ...that's pretty heavy engineering for a captcha. Why not just give all of the image files an MD5'ed filename, store the real name of the item shown in the image file in the session object, and load it with an ordinary IMG tag?

  22. #22
    SitePoint Enthusiast
    Join Date
    Sep 2005
    Posts
    44
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    ...that's pretty heavy engineering for a captcha. Why not just give all of the image files an MD5'ed filename, store the real name of the item shown in the image file in the session object, and load it with an ordinary IMG tag?
    Yes, you are correct. After submitting my post I thought about that. There is no need to embed the image, simply renaming the file will be good enough. Actually embedding the image would defeat the purpose since it is a recognisable pattern.

    This method would also work well with 'audio', since those who can't see well could easily recognise the sound each animal makes. However this may not be needed in the first place since unlike captchas a good clear image of an animal is a lot easier to recognise than some captchas. (I mean those that are so good that it is even hard for 'us' to figure out what the characters represent ...)
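
The image-and-drop-down scheme from posts #20 to #22, as an added example that is not part of any post in the thread. It replaces the MD5'ed filename with a random per-challenge token, because a fixed or label-derived filename can be catalogued once and reused; the catalogue, paths and function names are constructed for illustration, and a plain array stands in for `$_SESSION` so the script runs from the CLI.

```php
<?php
declare(strict_types=1);
// Added example (not from the thread). Catalogue and paths are constructed.
const CATALOGUE = [
    'cat'  => 'private/0001.jpg',
    'dog'  => 'private/0002.jpg',
    'bird' => 'private/0003.jpg',
];
// Pick an image, keep the answer server-side, return an opaque token
// for the <img> URL. The token is fresh per challenge and reveals nothing.
function issueChallenge(array &$session): string
{
    $labels = array_keys(CATALOGUE);
    $label  = $labels[random_int(0, count($labels) - 1)];
    $token  = bin2hex(random_bytes(16));
    $session['challenge'] = [
        'token'   => $token,
        'label'   => $label,
        'expires' => time() + 120,
    ];
    return $token;
}

// Image endpoint: map the token from the URL back to a file, or null.
function imagePathFor(array $session, string $token): ?string
{
    $c = $session['challenge'] ?? null;
    if ($c === null || !hash_equals($c['token'], $token)) {
        return null;
    }
    return CATALOGUE[$c['label']];
}

// Form handler: the challenge is consumed on the first attempt, right or
// wrong, so a recorded answer cannot be replayed.
function checkAnswer(array &$session, string $submitted): bool
{
    $c = $session['challenge'] ?? null;
    unset($session['challenge']);
    if ($c === null || time() > $c['expires']) {
        return false;
    }
    return hash_equals($c['label'], strtolower(trim($submitted)));
}

$session = [];                       // stand-in for $_SESSION
$token   = issueChallenge($session);
$answer  = $session['challenge']['label'];
var_dump(imagePathFor($session, $token), checkAnswer($session, $answer), checkAnswer($session, $answer));
```

With only a handful of labels a blind guess succeeds often, so the check still needs a large catalogue or attempt limits in front of it.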

  23. #23
    SitePoint Wizard spence_noodle's Avatar
    Join Date
    Jan 2004
    Location
    uk, Leeds (area)
    Posts
    1,264
    Mentioned
    2 Post(s)
    Tagged
    1 Thread(s)
    The script is great for beginners (e.g. = me ).

    But like what I've read, there are complications for using the script. The site will have to be aimed for the public who don't have a disability, which in my opinion is quite hard to come across. There are many other ways to make the form submission(s) spam proof.
    "Don't you just love it when you solve a programming bug only to create another."

  24. #24
    SitePoint Addict
    Join Date
    Nov 2005
    Posts
    327
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by spence_noodle
    There are many other ways to make the form submission(s) spam proof.
    Care to share some of them?

  25. #25
    SitePoint Wizard spence_noodle's Avatar
    Join Date
    Jan 2004
    Location
    uk, Leeds (area)
    Posts
    1,264
    Mentioned
    2 Post(s)
    Tagged
    1 Thread(s)
    Quote Originally Posted by a.dotty.dot
    Care to share some of them?
    ermm.....

    you know which ones, there's loads (*cough, *cough )
    "Don't you just love it when you solve a programming bug only to create another."

