J
Joe
Hello,
These days, there seems to be more and more sites relying on showing the
user weird images of characters which they then have to type in a text box
to submit a form.
I'm in the process of developing a GPL'ed website system. The system itself
works fine, so I'm looking at ways to reduce the ability for
scripts/bots/whatnot to sign up on the site or use anything that's
accessible to anonymous users (which, granted, isn't much at the moment).
But "show 'em an image" seems to be the only solution I run into.
I'm not sure if I consider that a solution, because... well, what if it's a
blind or visually impaired person trying to sign up? I want the system to
be accessible to everyone, not just people with good eyesight. (And even
with my perfect vision, I have trouble reading some of the more "unique"
graphic texts used on some sites.)
Is anyone aware of an alternative solution? The system already requires
e-mail verification, but I've seen bots that automatically read and verify
the e-mail (particularly for phpBB verification ... a bot signs up on a
phpBB board, verifies the e-mail, then proceeds to make a post on the
forum!).
So basically, I'm looking for ideas on ways to avoid issues like this,
before anyone uses my code (besides myself).
As it is, I've got a "hidden security code" system that reduces that can
reduce some such nastiness, and even auto-ban/report to admin if there's
something funny going on. But I already know it's flawed and easily
bypassable.
The limitations:
1) It's a Perl system, so anything that can be done backend-wise in Perl is
good.
2) It needs to be accessible. (Even to the blind.)
3) It cannot involve changes to the actual web server itself. (The code
needs to be useable on web hotels and such where Perl is allowed, but
there's no control over the server itself. If a Perl Module is needed but
the host doesn't have it installed, the system has a way to deal with
that.)
Has anyone seen any unique or "working" ways of handling such an issue, or
at least severely reducing the potential for it, that could be implemented
in Perl scripts?
Thanks,
Joe
These days, there seems to be more and more sites relying on showing the
user weird images of characters which they then have to type in a text box
to submit a form.
I'm in the process of developing a GPL'ed website system. The system itself
works fine, so I'm looking at ways to reduce the ability for
scripts/bots/whatnot to sign up on the site or use anything that's
accessible to anonymous users (which, granted, isn't much at the moment).
But "show 'em an image" seems to be the only solution I run into.
I'm not sure if I consider that a solution, because... well, what if it's a
blind or visually impaired person trying to sign up? I want the system to
be accessible to everyone, not just people with good eyesight. (And even
with my perfect vision, I have trouble reading some of the more "unique"
graphic texts used on some sites.)
Is anyone aware of an alternative solution? The system already requires
e-mail verification, but I've seen bots that automatically read and verify
the e-mail (particularly for phpBB verification ... a bot signs up on a
phpBB board, verifies the e-mail, then proceeds to make a post on the
forum!).
So basically, I'm looking for ideas on ways to avoid issues like this,
before anyone uses my code (besides myself).
As it is, I've got a "hidden security code" system that reduces that can
reduce some such nastiness, and even auto-ban/report to admin if there's
something funny going on. But I already know it's flawed and easily
bypassable.
The limitations:
1) It's a Perl system, so anything that can be done backend-wise in Perl is
good.
2) It needs to be accessible. (Even to the blind.)
3) It cannot involve changes to the actual web server itself. (The code
needs to be useable on web hotels and such where Perl is allowed, but
there's no control over the server itself. If a Perl Module is needed but
the host doesn't have it installed, the system has a way to deal with
that.)
Has anyone seen any unique or "working" ways of handling such an issue, or
at least severely reducing the potential for it, that could be implemented
in Perl scripts?
Thanks,
Joe