OT: captchas
David Nicol
davidnicol at gmail.com
Sun Apr 17 20:44:24 CDT 2005
On 4/17/05, Frank Wiles <frank at wiles.org> wrote:
>
> It would be valid, but any captcha implementation worth its salt
> doesn't use flat file images. It generates a random name for the
> image and serves it up to the client.
>
> Here is how it works:
>
> 1) Choose random captcha that happens to say "FooBar" which is in
> foobar.jpg.
>
> 2) Tell browser to load /images/AlkjsdfH293sdfhjh2234kjh.jpg
>
> 3) Have a system in place that, in the background, serves up
> foobar.jpg when asked for /images/AlkjsdfH293sdfhjh2234kjh.jpg
>
> This keeps bots like you were thinking from working. Because each
> time the filename is different.
I had thought he was planning on using the whole file as the key to his cache,
not merely the file-name. But articles I have read on generating captchas
recommend generating one-off captchas. You have a graphics library that
takes one of the words on your wordlist, frobs it randomly, and produces
a one-off image. You can even call the image generator captcha.png all
the time, and let your session layer keep track of who got which word.
http://search.cpan.org/~unrtst/Authen-Captcha-1.023/Captcha.pm for instance,
uses the GD library to generate images as needed.
--
David L Nicol
$SesKey=join"",grep{/\w/}map{chr rand 128}0..99;#Zesty!
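
The session-layer bookkeeping described in the message above (fixed image URL, server remembers which word each session was shown), as an added example that is not part of the original post or of Authen::Captcha. The class name, wordlist and lifetime are assumptions, and image rendering is left to the caller.

```python
import hmac
import secrets
import time

WORDLIST = ["foobar", "kansas", "penguin", "camel"]  # constructed sample wordlist
TTL_SECONDS = 300  # assumed challenge lifetime


class CaptchaSessions:
    """Server-side record of which word each session was shown (hypothetical helper)."""

    def __init__(self, now=time.monotonic):
        self._pending = {}  # session id -> (word, issued_at)
        self._now = now     # injectable clock so expiry can be tested

    def issue(self, session_id):
        """Pick a word for this session. The caller distorts it into a one-off
        image and serves it at a fixed URL such as /captcha.png; the word itself
        never goes to the client. Re-issuing replaces any earlier challenge."""
        word = secrets.choice(WORDLIST)
        self._pending[session_id] = (word, self._now())
        return word

    def verify(self, session_id, answer):
        """Check an answer. The challenge is consumed on every attempt, right or
        wrong, so one image allows one guess and a solved word cannot be replayed."""
        entry = self._pending.pop(session_id, None)
        if entry is None:
            return False
        word, issued_at = entry
        if self._now() - issued_at > TTL_SECONDS:
            return False
        guess = answer.strip().lower()
        return hmac.compare_digest(word.encode(), guess.encode())


def demo():
    """Run the three cases a form handler has to tell apart."""
    store = CaptchaSessions()
    session = secrets.token_urlsafe(16)  # stands in for the real session cookie
    word = store.issue(session)
    return {
        "correct": store.verify(session, word),
        "replay": store.verify(session, word),
        "unknown_session": store.verify("no-such-session", word),
    }


if __name__ == "__main__":
    print(demo())
```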