slightly [OT] : online DB protection question
Sivakatirswami
katir at hindu.org
Tue Feb 12 16:23:20 EST 2008
Björnke von Gierke wrote:
> On 11 Feb 2008, at 18:36, jbv wrote:
>
>> Here's my question: in order to prevent people from registering
>> hundreds of times automatically, or simply to hinder hackers from
>> sending large amounts of automatic CGI requests and cluttering MySQL
>> tables with useless registrations, I've been asked to think about
>> some protection.
>
> The best method known to me is the "captcha"
> <http://en.wikipedia.org/wiki/Captcha>. Basically you show an image of
> distorted and crossed-out text, and the user has to enter what he
> reads. But these images have to be generated randomly, and this isn't
> really simple to do with any http-server software. Also, the way you
> distort and add lines needs to follow some rules, otherwise it's easily
> circumvented.
Actually a "soft" way of generating random images (relatively random) is
to simply sit in Photoshop and, for as long as you find it interesting,
create images of words and name them
1.gif
2.gif
3.gif
...
24.gif
and then the CGI that dynamically generates your page has only to do a simple
put (random(24))&".gif" into tImage
and load this string into your form template and you are done.
You obviously need to keep note of the words you have created and use
that list in your validation routine.
I sent the full "recipe" to jbv off list (for security reasons, since
these archives are searchable on the web...)
Obviously hackable over time if someone has a real strong intent to get
through your forms, but strong enough to stop the bots...
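
One way to write the validation side of the scheme described above, as an added example: it is not the off-list recipe and not code from this thread, and it is in Python rather than LiveCode. The word list, `SECRET`, the token layout and the function names are assumptions; it goes beyond the post by signing the image number into a hidden form field and refusing expired or reused challenges.

```python
import hashlib
import hmac
import secrets
import time

# Constructed sample list: image number -> word drawn in <number>.gif.
WORDS = {1: "lotus", 2: "temple", 3: "river", 4: "mango"}
# A real CGI starts a new process per request: load SECRET from server
# configuration and keep the used nonces in the database instead.
SECRET = secrets.token_bytes(32)  # server-side key, never sent to the browser
MAX_AGE = 600                     # seconds a challenge stays valid
_used = set()                     # nonces already redeemed (in memory here)


def _sign(payload):
    return hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()


def new_challenge(now=None):
    """Pick an image at random; return (file name, token for a hidden field)."""
    now = int(time.time() if now is None else now)
    n = secrets.choice(sorted(WORDS))
    payload = f"{n}:{now}:{secrets.token_hex(8)}"
    return f"{n}.gif", f"{payload}:{_sign(payload)}"


def validate(token, answer, now=None):
    """Check the typed word against the image the signed token refers to."""
    now = int(time.time() if now is None else now)
    try:
        n, issued, nonce, mac = token.split(":")
        payload = f"{n}:{issued}:{nonce}"
        n, issued = int(n), int(issued)
    except ValueError:
        return False  # malformed token
    if not hmac.compare_digest(mac.encode(), _sign(payload).encode()):
        return False  # token forged or altered
    if now - issued > MAX_AGE or nonce in _used or n not in WORDS:
        return False  # expired, already used, or unknown image
    _used.add(nonce)  # one answer attempt per issued challenge
    guess = answer.strip().lower().encode()
    return hmac.compare_digest(guess, WORDS[n].encode())
```

The page generator calls `new_challenge()` and puts the file name in the image tag and the token in a hidden field; the registration handler calls `validate()` before touching the database.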