[thelist] junk entry into forms (captcha?)

Luther, Ron Ron.Luther at hp.com
Wed Feb 7 14:13:49 CST 2007

Steven Streight asked:

>>is Hershel's example of  captcha vulnerable to bots? 
>>Having "two" next to the text input box might be easy 
>>for a bot to figure out "translate to numerical equivalent".

Hi Steven,

While not a noted bot expert, I just had to chime in because I believe 
the answer is a most definite "it depends".

The fun part is that I believe it depends on ... ROI!  ;-)

For most personal sites and quite a few small biz sites I think
approach will be valid and effective.  I think few folks would be
enough in trashing any of _my_ sites to bother hardcoding a bot around a

simple logic question.

{Programmatically? No.  I don't think any bots are good enough to 
_efficiently_ break a logic system by themselves.  However, the simple 
systems we are talking about - enter the number "2", the word "white",
the letter "A" - any of 
those could be hardwired or have a range hardwired.}

However, at the same time, I don't believe this would be an effective 
approach for any high profile site that *could* be likely to be a target

for bot activity.  Say, for example, on-line reservation systems.


(So, since we don't have card keys widely adopted yet ... why don't we 
see more captchas combined with passwords in 'login' situations?)

More information about the thelist mailing list