On Tue, 2007-06-12 at 11:56 -0400, Robert Cummings wrote:
> On Tue, 2007-06-12 at 11:49 -0400, tedd wrote:
> > At 2:12 PM +0100 6/12/07, Stut wrote:
> > >The submit image is bigger than the circle, and I'm guessing Tedd is
> > >checking the coords passed through.
> > >
> > >-Stut
> >
> > Yes, that's all the technique does for now. It just checks the submit
> > x and submit y and determines if those coordinates lie within the
> > circle.
> >
> > I fixed the empty submit x/y that Tijnema & Rob found, but that was
> > my fault for not validating input -- but that doesn't invalidate the
> > method.
> >
> > Please pardon my ignorance, but what I'm trying to understand is --
> > how can a bot click and determine the correct x/y coordinates to pass
> > the test -- how do they do that?
> >
> > If it's just find the dot, then I could just as easily throw up other
> > images (pig, chicken, diamond, heart) and have the user click the
> > correct image (i.e., please click the heart).
> >
> > And, I could even morph the key image and provide it among others
> > asking the user to click the image that comes close to the key image.
> >
> > Now, how is a bot going to figure that out?
>
> Finding a circle on a white background is easy. Finding a circle on a
> random background is fairly easy if it's the only circle. Finding an
> arbitrary image within an image is a lot harder, but the same is true
> for humans unless it can in some way be clearly distinguished. However,
> you have another problem. Let's say your image is 1000 x 1000 pixels.
> And your random whatever shape sub-image is 100 x 100 pixels. This
> means you have 1000000 px^2 universe area, and 10000 px^2 image area. As
> such, a random guess at a correct pixel will succeed:
>
> (10000 * 100) / 1000000 = .10 = 10% of the time

Bad math alert...

    (10000 * 100) / 1000000 = 10 ;)

Still the same answer though, was just mixing what I wrote with what I
was thinking :)

Cheers,
Rob.
-- 
.------------------------------------------------------------.
| InterJinn Application Framework - http://www.interjinn.com |
:------------------------------------------------------------:
| An application and templating framework for PHP. Boasting  |
| a powerful, scalable system for accessing system services  |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for       |
| creating re-usable components quickly and easily.          |
`------------------------------------------------------------'

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
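
An added example, not code from this thread or from tedd's test page: a PHP sketch of the server-side check discussed above (validate the image-submit coordinates, then test them against the circle), together with the target-area over image-area baseline for blind guesses. The field names `submit_x`/`submit_y` assume an `<input type="image" name="submit">`; the function names, circle geometry and sample requests are constructed.

```php
<?php
// Added example: function names, geometry and sample requests are constructed.
// Returns [x, y] as non-negative ints, or null when a field is missing or malformed.
function parse_click(array $post): ?array
{
    $opts = ['options' => ['min_range' => 0]];
    $x = filter_var($post['submit_x'] ?? null, FILTER_VALIDATE_INT, $opts);
    $y = filter_var($post['submit_y'] ?? null, FILTER_VALIDATE_INT, $opts);
    return ($x === false || $y === false) ? null : [$x, $y];
}

// True only for a well-formed click inside the image and inside the target circle.
function click_passes(array $post, int $cx, int $cy, int $r, int $w, int $h): bool
{
    $click = parse_click($post);
    if ($click === null) {
        return false; // empty submit x/y is rejected, never treated as (0, 0)
    }
    [$x, $y] = $click;
    if ($x >= $w || $y >= $h) {
        return false;
    }
    return ($x - $cx) ** 2 + ($y - $cy) ** 2 <= $r ** 2;
}

// Chance that at least one of $n uniformly random clicks lands in the target.
function guess_pass_rate(float $targetArea, int $w, int $h, int $n = 1): float
{
    return 1.0 - (1.0 - $targetArea / ($w * $h)) ** $n;
}

// Constructed requests: 1000 x 1000 image, circle of radius 50 centred at (300, 400).
$requests = [
    ['submit_x' => '310', 'submit_y' => '395'], // inside the circle
    ['submit_x' => '900', 'submit_y' => '100'], // outside the circle
    ['submit_x' => '', 'submit_y' => ''],       // empty coordinates
    ['submit_x' => '310'],                      // y missing
];
foreach ($requests as $post) {
    $ok = click_passes($post, 300, 400, 50, 1000, 1000);
    printf("%-40s %s\n", json_encode($post), $ok ? 'pass' : 'reject');
}

// Blind-guess baseline for a 100 x 100 target and for the radius-50 circle.
foreach ([1, 10, 100] as $n) {
    printf("%3d tries: square %.3f, circle %.3f\n", $n,
        guess_pass_rate(100 * 100, 1000, 1000, $n),
        guess_pass_rate(M_PI * 50 ** 2, 1000, 1000, $n));
}
```

The multi-try column is the figure to size a per-session attempt limit against, since the pass rate for repeated blind clicks grows quickly with the number of tries allowed.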