> -----Original Message----- > From: tedd [mailto:tedd@xxxxxxxxxxxx] > Sent: Friday, March 30, 2007 3:06 PM > To: Tijnema !; John Comerford > Cc: php-general@xxxxxxxxxxxxx > Subject: Re: Alternative/Addition to using a CAPTCHA > > At 3:37 PM +0200 3/30/07, Tijnema ! wrote: > >On 3/30/07, John Comerford <johnc@xxxxxxxxxxxxxxxxxxxx> wrote: > >>I was reading the current tread on CAPTCHA and possible cracks and I > >>thought maybe I'd throw this out to the group to see what you think. > >>Recently I saw a forum where in order to post you first had > to click on > >>a div that was placed at a random location on the page, it read > >>something like, "Click here if you are human". I was thinking that > >>maybe you could put together a system that looks something > like this: > >> > >>http://people.aapt.net.au/JComerford/ClickMe.htm > >> > >>I was thinking you could use it in a couple of ways: > >> > >>1) As a replacement to a CAPTCHA image > >>2) When you click the image a CAPTCHA image is loaded into > the 'Click > >>Me' container > >> > >>The main problem is how to tell the server that the div has been > >>clicked, in a way that can't be simulated. I am not an expect with > >>either JS or PHP, but maybe some of the bigger brains out > there could > >>throw in their 2 cents...... > >> > >>JC > > > >This looks maybe hard to crack, but actually it isn't very hard. All > >the clicking does is calling a javascript function. You still could > >submit the page without clicking the box. > > > >Tijnema > > Tijnema & John: > > The above link I've already done a long time ago. But check out my > dot CAPTCHA here: > > http://sperling.com/examples/p-captcha > Maybe I'm going blind.. But I don't see a circle on that page anywhere? Everywhere I click it fails...... Jake > This does not use javascript, but does use sessions. > > As you can see, the blue dot can be placed anywhere on the entrance > page. Granted this presents problem for the visually impaired, so I'm > not recommending it. But, it's just a proof of concept at this point. > Plus, I have not checked this on all browsers. I suspect that some > browsers may have problems with alpha channel images -- so your > mileage may differ. > > In any event, I think this may be a bit more difficult to crack than > something that replies upon javascript -- what do you think? > > Cheers, > > tedd > > -- > ------- > http://sperling.com http://ancientstones.com http://earthstones.com > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- > No virus found in this incoming message. > Checked by AVG Free Edition. > Version: 7.5.446 / Virus Database: 268.18.23/740 - Release > Date: 3/30/2007 1:15 PM > > -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.5.446 / Virus Database: 268.18.23/740 - Release Date: 3/30/2007 1:15 PM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
