On 6/10/07, tedd <tedd@xxxxxxxxxxxx> wrote:
At 12:27 PM +0900 6/10/07, Dave M G wrote:
>Tips on what differentiates a good CAPTCHA from a bad one would also
>be really sweet.

Dave:

From a visual disability standpoint, all graphic CAPTCHAs are bad.

From the not-disabled standpoint, most intelligible graphic CAPTCHAs that can be read, can also be read by bots. So, it doesn't make much difference to create variations of the theme, because the theme can always be broken if it is to remain solvable by the sighted. In other words, anything you can read, so can a bot.

Of course, you must also keep in mind what you are trying to protect. If it's something popular and thus would return something of value, then no CAPTCHA is going to keep evil-doers from accessing it. On the other hand, if what you're trying to protect has no real significance, then no one is going to bother breaking your CAPTCHA.

So, why use a CAPTCHA at all? Instead use something simple such as "1 + 1 = ?". That will stop most cursory bots. If your site is popular, then nothing easy like a CAPTCHA is going to work anyway -- you'll have to come up with another method.

However, if you insist on making a CAPTCHA for your site (as clients, not knowing better, sometimes insist), then also add an alternative "way in" for the visually disabled like so:

http://sperling.com/examples/captcha/

If you want the code, just ask and I'll provide.

My thought is if you want to do image alteration, you might put your skills to better use by writing routines for various photographic effects, such as "Fish-Eye" or "Oval Cut-Outs" or whatever -- rather than beating the dead horse CAPTCHA.

Cheers,

tedd
Tedd:

Please don't spread the code of your Audio CAPTCHA, we had a big discussion about it, and we concluded that it was quite easy to crack. I remember I've cracked some other CAPTCHAs, but if you still think your Audio CAPTCHA isn't hard to crack, then just let me know and I'll start cracking it :)

Dave:

The point is not only if the image itself is readable by a bot, you must also keep a note of how you pass the check around your site.

I also suggest you read 3 threads, that are related to each other, from the past:

http://marc.info/?l=php-general&m=117518641415178&w=2
http://marc.info/?l=php-general&m=117521475815904&w=2
http://marc.info/?l=php-general&m=117596132004021&w=2

I think you remember the thread, tedd ;)

Tijnema
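
An added example, not code from either poster: one reading of the point about how the check is passed around the site, applied to the simple "1 + 1 = ?" challenge mentioned above. It assumes the expected answer stays on the server, is consumed on the first attempt and expires; the function names, the 'challenge' key and the TTL are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers. $store stands in for $_SESSION so the logic also runs from the CLI.

const CHALLENGE_TTL = 300; // seconds a challenge stays valid (constructed value)

/** Create a challenge. Only the returned question text is sent to the browser. */
function issue_challenge(array &$store, int $now): string
{
    $a = random_int(1, 9);
    $b = random_int(1, 9);
    // The expected answer never leaves the server: no hidden field, no cookie, no URL parameter.
    $store['challenge'] = [
        'answer'  => (string) ($a + $b),
        'expires' => $now + CHALLENGE_TTL,
    ];
    return "$a + $b = ?";
}

/** Check a submitted answer. The stored challenge is consumed on every attempt. */
function check_challenge(array &$store, string $submitted, int $now): bool
{
    $challenge = $store['challenge'] ?? null;
    unset($store['challenge']); // single use: a solved or failed challenge cannot be replayed
    if ($challenge === null || $now > $challenge['expires']) {
        return false;
    }
    return hash_equals($challenge['answer'], trim($submitted));
}

// Demo with a plain array as the store (constructed input).
// In a web request, call session_start() and pass $_SESSION instead.
$session = [];
$now = time();

$question = issue_challenge($session, $now);
$answer = $session['challenge']['answer']; // read from the store only to drive the demo
var_dump(check_challenge($session, $answer, $now)); // first submission of the right answer
var_dump(check_challenge($session, $answer, $now)); // same answer replayed

$question = issue_challenge($session, $now);
$late = $now + CHALLENGE_TTL + 1;
var_dump(check_challenge($session, $session['challenge']['answer'], $late)); // after expiry
```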