On Sun, 2007-06-10 at 12:29 -0400, tedd wrote: > > From a visual disability standpoint, all graphic CAPTCHA's are bad. Sure, but from the perspective of protecting visitors from hard-core porn link, sex toys links, scams, etc etc, it has strong merit. Trust me, I've seen sites get completely messed up just because they used a forum that had no captcha... of course, I've also seen sites get completely messed up because the default captcha sucked... yes I'm looking at you PHPBB. > From the not-disabled standpoint, most intelligible graphic CAPTCHA's > that can be read, can also be read by bots. So, it doesn't make much > difference to create variations of the theme, because the theme can > always be broken if it is to remain solvable by the sighted. In other > words, anything you can read, so can a bot. Yes and no. There are levels of difficulty for both. There are somethings that a computer find more difficult than a human and vice versa. A good captcha will try to exploit a computer's weaknesses. > Of course, you must also keep in mind what you are trying to protect. > If it's something popular and thus would return something of value, > then no CAPTCHA is going to keep evil-doers from accessing it. By having a single captcha layer you allow yourself a single entry point at which to change CAPTCHA across your site. So even if you're popular you can make sitewide changes to your captcha system from a single point. You can employ multiple captcha libs, you can try and keep ahead of the bots as they knock down each wall. This is what I do. > On the other hand, if what you're trying to protect has no real > significance, then no one is going to brother breaking your CAPTCHA. Wrong. If you are protecting something completely worthless and your using a popular blog or forum software then you will undoubtedly inherit it's deficiencies regardless of the content of your site. > So, why use a CAPTCHA at all? Instead use something simple such as "1 > + 1 = ?". If your site is popular enough this will be thwarted easily also. See your original argument. > That will stop most cursory bots. If your site is popular, > then nothing easy like a CAPTCHA is going to work anyway -- you'll > have to come up with another method. Or constantly adapt. Sounds like fun :) > However, if you insist on making a CAPTCHA for your site (as clients, > not knowing better, sometimes insist), then also add an alternative > "way in" for the visually disabled like so: Now I'm not going to argue this point to any real depth. You obviously don't have statistics for the efficacy of CAPTCHA and I don't want to invoke erroneous logic by pointing out that if Slashdot, Yahoo, Google, etc are all using it then it must have some usefulness :) > http://sperling.com/examples/captcha/ > > If you want the code, just ask and I'll provide. > > My thought is if you want to do image alteration, you might put your > skills to better use by writing routines for various photographic > effects, such as "Fish-Eye" or "Oval Cut-Outs" or whatever -- rather > than beating the dead horse CAPTCHA. I'm in a time crunch right now, I'll explore more options later ;) Cheers, Rob. -- .------------------------------------------------------------. | InterJinn Application Framework - http://www.interjinn.com | :------------------------------------------------------------: | An application and templating framework for PHP. Boasting | | a powerful, scalable system for accessing system services | | such as forms, properties, sessions, and caches. InterJinn | | also provides an extremely flexible architecture for | | creating re-usable components quickly and easily. | `------------------------------------------------------------' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
