[thelist] junk entry into forms (captcha?)
Luther, Ron
Ron.Luther at hp.com
Wed Feb 7 14:13:49 CST 2007
Steven Streight asked:
>>is Hershel's example of captcha vulnerable to bots?
>>Having "two" next to the text input box might be easy
>>for a bot to figure out "translate to numerical equivalent".
Hi Steven,
While not a noted bot expert, I just had to chime in because I believe
the answer is a most definite "it depends".
The fun part is that I believe it depends on ... ROI! ;-)
For most personal sites and quite a few small biz sites I think
Hershel's
approach will be valid and effective. I think few folks would be
interested
enough in trashing any of _my_ sites to bother hardcoding a bot around a
simple logic question.
{Programmatically? No. I don't think any bots are good enough to
_efficiently_ break a logic system by themselves. However, the simple
systems we are talking about - enter the number "2", the word "white",
the letter "A" - any of
those could be hardwired or have a range hardwired.}
However, at the same time, I don't believe this would be an effective
approach for any high profile site that *could* be likely to be a target
for bot activity. Say, for example, on-line reservation systems.
HTH,
RonL.
(So, since we don't have card keys widely adopted yet ... why don't we
see more captchas combined with passwords in 'login' situations?)
More information about the thelist
mailing list