|
|
Posted by frizzle on 02/07/06 13:55
Jerry Stuckle wrote:
> frizzle wrote:
> > Thanks, indeed that's what i meant.
> > Apparently it's a weaker system then i imagined.
> > I guess i'll have to find another alternative again ... :(
> >
> > Greetings Frizzle.
> >
> >
> > Jim Michaels wrote:
> >
> >>"frizzle" <phpfrizzle@gmail.com> wrote in message
> >>news:1138227180.394441.177630@z14g2000cwz.googlegroups.com...
> >>
> >>>Carl Vondrick wrote:
> >>>
> >>>>You may want to look into Mcrypt
> >>>>(http://us3.php.net/manual/en/ref.mcrypt.php). But, with Peter said,
> >>>>what are you really try to achieve?
> >>>
> >>>What i'm trying to do is build a way of security that a human is
> >>>submitting a form.
> >>>I know there are ways out there already, but i also have other purposes
> >>>in mind.
> >>>
> >>>Example:
> >>>
> >>>Image random generated according to key 1:
> >>>
> >>> image.php?txt=kjGKUGFfas8gkjafKfasdf
> >>>
> >>>The image is a php file, getting $_GET['txt'], decrypt it according
> >>>key 1, and encrypt it according to key 2. The second encrypting
> >>>becomes visible in the actual image.
> >>>
> >>>I have a have a hidden form field with the value of key 1, and the
> >>>visitor has to insert the text from the image / key 2 into a form
> >>>field.
> >>>
> >>>Then after posting i compare the decrypted hidden formfield's value
> >>>against the user submitted value ( / image's value). if they match,
> >>>the user read the image, and is human ...
> >>
> >>Not sure, but sounds like a CAPTCHA. They can be OCR'd
> >>(http://www.ocr-research.org.ua/ ) from what I found in an earlier post.
> >>
> >>
> >>>It might sound stupid, sloppy or whatever, but i'm just trying to
> >>>achieve my goal.
> >>>
> >>>Thanks.
> >>>
> >
> >
>
> Why? Is this a high security site?
>
> OCR'ing CAPTCHA images does take time and effort - each one is typically
> different. What would be on your site which would require that much effort?
>
> Not to denigrate your site in any form - but the fact is, spammers
> et.al. wouldn't bother with 99.99999% of the CAPTCHA images. They'll
> just go onto another site.
>
> It's like your front door. Your lock isn't unpickable - it just
> requires time and effort on a burglar's part to pick. However, you lock
> your door anyway, because it's a deterrent - the burglar will most
> likely move on (unless you're storing Fort Knox inside).
>
>
> --
> ==================
> Remove the "x" from my email address
> Jerry Stuckle
> JDS Computer Training Corp.
> jstucklex@attglobal.net
> ==================
Well you're probably right, but i also still haven't found a 'good'
CAPTCHA method that doesn't rely on sessions.
I'd like to have two inputs: 1 by the user, and one hidden formfield,
each with their own decryption key, and compare those,
but i haven't found a proper encryption / decryption function yet, that
is good, but quite easy to understand (not to break! ;) )
Frizzle.
Navigation:
[Reply to this message]
|