[thelist] injection attacks on php contact form
Kasimir K
evolt at kasimir-k.fi
Wed Nov 30 07:59:59 CST 2005
Alex Beston scribeva in 2005-11-30 12:09:
> but hang on K. isnt a turing test a good thing on a form?
Not necessarily, and a *visual* turing test could be a bad thing on a form.
For example, in the OP's case where the bots can be dealt with without
using a turing test, there's no benefit from using it, but for human
users it gives at best some slight trouble and at worst a completely
inaccessible form, which the user is not able to use.
So when considering whether to use a turing test or not at least
following points should be thought of:
- do I really need it, or could I deal with bots using other methods
- do I need a visual turing test, or are there more accessible options
Medicine causing more problems than the disease is a bad medicine.
The link I included in my first reply on this is really worth a read. So
if you didn't yet, check now out http://www.w3.org/TR/turingtest/
.k
More information about the thelist
mailing list