coding@xxxxxxxxxxxxxxxxxx wrote:
Hi,
I have been investigating ways of preventing automated account
creation on the e-commerce system I am currently working on. Obviously I
have seen the graphical solutions to this problem, a small image containing
several letters and numbers which must be typed in by the user to confirm
account creation. However, this (it seems to me) is a bit overkill for what
is a pretty small client, I'm not entirely sure it's a good use of time to
create this script solely for them, does anyone know of anything
pre-packaged? Furthermore is it really worth doing this, what risks do
automated account creation present to an e-commerce site?
Tom Williams,
Digital Data
Well, CAPTCHA ( http://en.wikipedia.org/wiki/Captcha) is a pretty neat
solution ( http://www.pear.php.net/package/Text_CAPTCHA ). You can also
generate random numbers (www.php.net/rand www.php.net/mt_rand) and
combining it with this PEAR package
http://www.pear.php.net/package/Numbers_Words which is also a good
solution. The pass-string if I can call it so is best to be kept as a
session variable, since it's stored on the server-side and the user
can't view it. Storing its hash in a cookie can be also pretty fine, but
storing it in a GET variable is more than stupid.
Hope this helps,
--
Josip Dzolonga
http://josip.dotgeek.org
jdzolonga[at]gmail.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
