slightly [OT] : online DB protection question

Sivakatirswami katir at hindu.org
Tue Feb 12 16:23:20 EST 2008


Björnke von Gierke wrote:
> On 11 Feb 2008, at 18:36, jbv wrote:
>
>> Here's my question : in order to prevent ppl to register hundreds of
>> times automatically,
>> or simply to hinder hackers to send large amounts of automatic cgi
>> requests and to
>> clutter mySQL tables with useless registrations, I've been asked to
>> think about some
>> protection.
>
> The best method known to me is the "captcha" 
> <http://en.wikipedia.org/wiki/Captcha>. Basically you show an image of 
> distorted and crossed out text, and the user has to enter what he 
> reads. But these images have to be generated randomly, and this isn't 
> really simple to do with any http-server software. Also the way you 
> distort and add lines needs to follow some rules, otherwise it's easily 
> circumvented.

Actually a "soft" way of generating random images (relatively random) is 
to simply sit in Photoshop and, for as long as you find it interesting, 
create images of words and name them

1.gif
2.gif
3.gif
#
24.gif

and then the CGI that dynamically generates your page
has only to do a simple

put (random(24))&".gif" into tImage

and load this string into your form template and you are done.

You obviously need to keep note of the words you have created and use 
that list in your validation routine.

I sent the full "recipe" to jbv off list (for security reasons, since 
these archives are searchable on the web...)

Obviously hackable over time if someone has a real strong intent to get 
thru your forms, but strong enough to stop the bots...
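
Added example, not part of the original post or of the off-list recipe: a Python sketch of the server side of the scheme described above, where the CGI picks one of the pre-made images and the validation routine checks the typed word against the list kept on the server. The signed token, its lifetime, the one-use nonce and the sample words are assumptions introduced here so the form can say which image was shown without the client being able to swap it or resubmit a solved form.

```python
import hashlib
import hmac
import secrets
import time

# Constructed sample data: image number -> word drawn in N.gif (kept server-side only).
WORDS = {1: "lotus", 2: "temple", 3: "river"}
SECRET = secrets.token_bytes(32)  # hypothetical per-deployment key; load from config in practice
TTL = 300                         # assumed lifetime of a challenge, in seconds
_used = set()                     # nonces already redeemed, so a solved form cannot be replayed


def _sign(image_id, nonce, expires):
    msg = f"{image_id}:{nonce}:{expires}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def issue_challenge(now=None):
    """Pick a random image; return (image filename, token for a hidden form field)."""
    now = int(time.time() if now is None else now)
    image_id = secrets.choice(sorted(WORDS))
    nonce = secrets.token_hex(8)
    expires = now + TTL
    token = f"{image_id}:{nonce}:{expires}:{_sign(image_id, nonce, expires)}"
    return f"{image_id}.gif", token


def validate(token, answer, now=None):
    """True only for an untampered, unexpired, unused token plus the right word."""
    now = int(time.time() if now is None else now)
    try:
        image_id, nonce, expires, mac = token.split(":")
        image_id, expires = int(image_id), int(expires)
    except (ValueError, AttributeError):
        return False
    expected = _sign(image_id, nonce, expires)
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return False  # image number or expiry was altered by the client
    if now > expires or nonce in _used or image_id not in WORDS:
        return False
    _used.add(nonce)  # one attempt per issued form, right or wrong
    typed = answer.strip().lower().encode()
    return hmac.compare_digest(typed, WORDS[image_id].encode())
```

The word list never leaves the server; only the image number, which the filename already reveals, travels in the token.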









More information about the use-livecode mailing list