|
Posted by Josip Dzolonga on 04/06/05 15:34
coding@digital-data.co.uk wrote:
>Hi,
>
> I have been investigating ways of preventing automated account
>creation on the e-commerce system I am currently working on. Obviously I
>have seen the graphical solutions to this problem, a small image containing
>several letters and numbers which must be typed in by the user to confirm
>account creation. However, this (it seems to me) is a bit overkill for what
>is a pretty small client, I'm not entirely sure it's a good use of time to
>create this script solely for them, does anyone know of anything
>pre-packaged? Furthermore is it really worth doing this, what risks do
>automated account creation present to an e-commerce site?
>
>
>
>Tom Williams,
>
>Digital Data
>
>
>
>
Well, CAPTCHA ( http://en.wikipedia.org/wiki/Captcha) is a pretty neat
solution ( http://www.pear.php.net/package/Text_CAPTCHA ). You can also
generate random numbers (www.php.net/rand www.php.net/mt_rand) and
combining it with this PEAR package
http://www.pear.php.net/package/Numbers_Words which is also a good
solution. The pass-string if I can call it so is best to be kept as a
session variable, since it's stored on the server-side and the user
can't view it. Storing its hash in a cookie can be also pretty fine, but
storing it in a GET variable is more than stupid.
Hope this helps,
--
Josip Dzolonga
http://josip.dotgeek.org
jdzolonga[at]gmail.com
[Back to original message]
|