Solved

Random code in a graphic for verification purposes on a webpage

Posted on 2007-03-20
8
758 Views
Last Modified: 2013-12-25
I need to implement the a code verification system that webpages have to ensure "human" input. I know that a series of numbers and letters are randomly generated an stored in a gif file, then the user interprets the garbled code and enters it into a text box.  Does anyone have any experience with this?  How do I create the random code in the graphic?

Thanks
0
Comment
Question by:onemorecoke
8 Comments
 
LVL 1

Accepted Solution

by:
TylerP earned 500 total points
ID: 18763476
You could create about 10 deferent Gifs in photoshop and just randomly display the image so the user can read and enter the correct characters.
I've used asp.net to generate image files before but this solution might be simpler for what is needed.
 
0
 
LVL 3

Author Comment

by:onemorecoke
ID: 18763504
I was thinking that but what if a hacker figures all 10 codes and just tries them all in their code?  I am wondering if I am over-thinking this.
0
 
LVL 1

Expert Comment

by:TylerP
ID: 18763868
Its always good to keep security in mind. My thought is that this random image generation main purpose was to keep automated systems for hacking to be able to read the text. By just using any image with text only readable by the human eye would keep this type of hacking from being effective because you would still need the hacker to go to the website and read each image with his own eyes. Then also keep from displaying all the images on the same day. It just depends on how much time you want to spend on this part of development and what value you see in it and most importantly what value a hacker might see in it.
0
 
LVL 26

Expert Comment

by:David Brugge
ID: 18773756
> I was thinking that but what if a hacker figures all 10 codes and just tries them all in their code?  I am wondering if I am over-thinking this.

This is easy to test for. If a user mistypes an image that you are displaying, the odds are increadibly small that by accident he typed in the exact same code as on another image. In your scenereo, the hack would test with one code that had been known to be good, then use another. It would be save to surmise that anyone who enters an otherwise good code as a response to another being shown is up to no good and can be blocked for a period of time.
For example Todays code is ABC, yesterdays was XYZ. If you show a gif of ABC and get a response of XYZ you know that was not a simple mistake.

David B
0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 
LVL 3

Author Comment

by:onemorecoke
ID: 18774507
That is true, but it would still be nice to find an activex control that would produce a gif automatically each time.  There has to be something like that out there....
0
 
LVL 2

Expert Comment

by:khoama
ID: 18782460
I suggest that you generate image at runtime using some library (GD for PHP for example) at runtime and display to the user. I'll send you the code in PHP if needed.
0
 
LVL 3

Author Comment

by:onemorecoke
ID: 18783643
khoama,

I dont use PFP and would not know what to do with it!  Thank you anyway.

0
 
LVL 16

Expert Comment

by:kiranvj
ID: 18865109
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Envision that you are chipping away at another e-business site with a team of pundit developers and designers. Everything seems, by all accounts, to be going easily.
Boost your ability to deliver ambitious and competitive web apps by choosing the right JavaScript framework to best suit your project’s needs.
This video teaches users how to migrate an existing Wordpress website to a new domain.
Any person in technology especially those working for big companies should at least know about the basics of web accessibility. Believe it or not there are even laws in place that require businesses to provide such means for the disabled and aging p…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now