Search

Calendar

<< November 2009 >>
Sun Mon Tue Wed Thu Fri Sat
1 2 3 4 5 6 7
8 9 10 11 12 13 14
15 16 17 18 19 20 21
22 23 24 25 26 27 28
29 30          

Archives By Subject

AJAX (2) [RSS]
Apache (4) [RSS]
Blog (5) [RSS]
CAPTCHA (1) [RSS]
CFEclipse (1) [RSS]
ColdFusion (36) [RSS]
Copyright (2) [RSS]
CVS (2) [RSS]
Databases (1) [RSS]
Dreamweaver (1) [RSS]
Eclipse (2) [RSS]
EZProxy (1) [RSS]
Facebook (4) [RSS]
Firefox (8) [RSS]
Flash (1) [RSS]
General (6) [RSS]
Google (12) [RSS]
graphics (1) [RSS]
ILLiad (0) [RSS]
Java (6) [RSS]
JavaScript (2) [RSS]
Just for fun (1) [RSS]
Linux (6) [RSS]
Lucene (4) [RSS]
modelglue (9) [RSS]
MXNA (1) [RSS]
Mycroft (2) [RSS]
OS X (1) [RSS]
PDF (1) [RSS]
Personal (1) [RSS]
Photos (1) [RSS]
PHP (1) [RSS]
Programming (5) [RSS]
Server (6) [RSS]
Solaris (2) [RSS]
Solr (5) [RSS]
Subversion (3) [RSS]
Web (11) [RSS]
Windows (1) [RSS]
XML (16) [RSS]
XSLT (1) [RSS]

Recent Entries

No recent entries.

Recent Comments

No Recent Comments

RSS


Subscribe

Enter your email address to subscribe to this blog.

CAPTCHA

Posted At : January 13, 2005 4:45 PM
Related Categories: CAPTCHA

While working on a new site that needed a registration system, I started seriously looking at CAPTCHA for the first time. For the uninitiated, CAPTCHA stands for Completely Automated Program for Telling Computers and Humans Apart. The premise of this is simple, humans can read obfuscated text whereas computer programs cannot.

You've probably seen these when registering for various web accounts. Essentially you have a dictionary file and a background file. You randomly select a word from the dictionary file and create an obfuscated image from it, read the background image and obfuscate it, then mash the two together. You then load the image's word into a session variable and pass it along with your form structure.

I've been experimenting with several ways of doing this. I played with Ryan Emerle's cfx_captcha tag, but ran into some problems with flushing the image after it had been used.

Next came OpenXCF from SourceForge. They have a CFX tag nammed ImageString that allows you to place a string on top of an image.

Also, Joe Rineheart create the CF_CreateImage (based on the Alagad Image Component) that can be used to the same end.

There's also a down-side to all of this...accessibility. If you need to keep bots out, be aware that you're significantly reducing accessibility for those with vision impairments. So the question becomes, how do you keep bots aware, without also keeping real people from your site? Here are a couple of potential solutions:

  1. Logic Puzzles - a simple word puzzle is a greate way to keep out computers. However, persons with cognative disorders may still have trouble. Plus, the shear vastness of questions needed to keep a program from collecting all the puzzles is prohibitive.
  2. Sound Output - if your users cannot view a CAPTCHA, outputting a sound file is an answer. However, according to CNET this still has some problems for even those with good hearing.

There are tons of different methods, each with their own drawbacks and positives. There's not an answer as of yet, but I think that a combination of CAPTCHA and perhaps alternatives like sound output and heuristic checking (when appropriate) is the best way to keep bots away and from spamming the users of your services.

Comments (0) | Print | Send | del.icio.us | Linking Blogs | Views
Comments (Comment Moderation is enabled. Your comment will not appear until approved.)

There are no comments for this entry.

[Add Comment]