slightly [OT] : online DB protection question

Björnke von Gierke bvg at mac.com
Mon Feb 11 13:20:18 EST 2008


On 11 Feb 2008, at 18:36, jbv wrote:

> Here's my question: in order to prevent people from registering hundreds of
> times automatically, or simply to hinder hackers from sending large amounts
> of automatic CGI requests and cluttering MySQL tables with useless
> registrations, I've been asked to think about some protection.


Most Web forms validate the entry, e.g. to be a valid e-mail address
there has to be an @ in it, and it has to end in a top-level domain.
Many also store e-mails in addition to logins, and you're not really
registered until you click an automatically generated link in the e-mail
they send you.

The best method known to me is the "captcha"
<http://en.wikipedia.org/wiki/Captcha>. Basically you show an image of
distorted and crossed out text, and the user has to enter what he reads.
But these images have to be generated randomly, and this isn't really
simple to do with any http-server software. Also the way you distort and
add lines needs to follow some rules, otherwise it's easily circumvented.

Another (similar) approach is this: You need many pictures of a few
things, and store what thing the picture shows. Then you show 9 of
them, asking the user to click on the dog (or whatever). Obviously
nothing in the picture's URL should point out what kind of thing it
shows for this to work. Also there should be only one dog (or
whatever) at a time. Fuzzy animals work best for this (kittens, young
dogs, rabbits, etc.), because they "blend" into the background, and
currently computers can't distinguish cats from dogs, so no hacker
can spoil this (yet). Obviously simple and clearly coloured geometric
shapes are not ideal. Note that this is less secure than the text
approach above, but of course it's infinitely more cute. :)

These are the three methods I'd choose one from to use myself.

Björnke

-- 

official ChatRev page:
http://chatrev.bjoernke.com

Chat with other RunRev developers:
go stack URL "http://homepage.mac.com/bvg/chatrev1.3.rev"
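
The picture-grid check described in the message above, as an added example that is not part of the original post: each image is served under a fresh random token so the URL says nothing about its content, exactly one image matches the target, and the answer is kept server-side and accepted only once. The catalogue entries, function names and the /captcha route are hypothetical, and the in-memory dict stands in for whatever session store the site uses.

```python
import secrets
import time

# Constructed sample catalogue: image file -> label. Kept server-side only.
CATALOGUE = {
    "img/0193.jpg": "dog", "img/0412.jpg": "dog", "img/0877.jpg": "dog",
    **{f"img/{n:04d}.jpg": "cat" for n in range(1000, 1010)},
    **{f"img/{n:04d}.jpg": "rabbit" for n in range(2000, 2010)},
}
TTL_SECONDS = 120
_challenges = {}  # challenge id -> {"answer", "tokens", "expires"}


def new_challenge(target="dog", grid=9, now=None):
    """Build a grid with exactly one image of `target`, addressed by random tokens."""
    now = time.time() if now is None else now
    rng = secrets.SystemRandom()
    hits = [f for f, label in CATALOGUE.items() if label == target]
    misses = [f for f, label in CATALOGUE.items() if label != target]
    files = [rng.choice(hits)] + rng.sample(misses, grid - 1)
    rng.shuffle(files)
    # Fresh token per image per challenge: the URL reveals neither the label
    # nor the file name, so answers cannot be learned once and replayed.
    tokens = {secrets.token_urlsafe(16): f for f in files}
    answer = next(t for t, f in tokens.items() if CATALOGUE[f] == target)
    cid = secrets.token_urlsafe(16)
    _challenges[cid] = {"answer": answer, "tokens": tokens,
                        "expires": now + TTL_SECONDS}
    return cid, target, list(tokens)


def image_for(cid, token):
    """Resolve a token to a file when serving /captcha/<cid>/<token> (hypothetical route)."""
    ch = _challenges.get(cid)
    return ch["tokens"].get(token) if ch else None


def verify(cid, clicked_token, now=None):
    """Single use: the challenge is deleted whether the answer is right or wrong."""
    now = time.time() if now is None else now
    ch = _challenges.pop(cid, None)
    if ch is None or now > ch["expires"]:
        return False
    return secrets.compare_digest(clicked_token.encode(), ch["answer"].encode())
```

A blind guess still succeeds one time in nine, so the registration handler should also limit attempts per client.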



