[thelist] injection attacks on php contact form

Kasimir K evolt at kasimir-k.fi
Wed Nov 30 07:59:59 CST 2005

Alex Beston scribeva in 2005-11-30 12:09:
>  but hang on K. isnt a turing test a good thing on a form?

Not necessarily, and a *visual* turing test could be a bad thing on a form.

For example, in the OP's case where the bots can be dealt with without 
using a turing test, there's no benefit from using it, but for human 
users it gives at best some slight trouble and at worst a completely 
inaccessible form, which the user is not able to use.

So when considering whether to use a turing test or not at least 
following points should be thought of:
- do I really need it, or could I deal with bots using other methods
- do I need a visual turing test, or are there more accessible options

Medicine causing more problems than the disease is a bad medicine.

The link I included in my first reply on this is really worth a read. So 
if you didn't yet, check now out http://www.w3.org/TR/turingtest/


More information about the thelist mailing list