onemorecoke
asked on
Random code in a graphic for verification purposes on a webpage
I need to implement the a code verification system that webpages have to ensure "human" input. I know that a series of numbers and letters are randomly generated an stored in a gif file, then the user interprets the garbled code and enters it into a text box. Does anyone have any experience with this? How do I create the random code in the graphic?
Thanks
Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Its always good to keep security in mind. My thought is that this random image generation main purpose was to keep automated systems for hacking to be able to read the text. By just using any image with text only readable by the human eye would keep this type of hacking from being effective because you would still need the hacker to go to the website and read each image with his own eyes. Then also keep from displaying all the images on the same day. It just depends on how much time you want to spend on this part of development and what value you see in it and most importantly what value a hacker might see in it.
> I was thinking that but what if a hacker figures all 10 codes and just tries them all in their code? I am wondering if I am over-thinking this.
This is easy to test for. If a user mistypes an image that you are displaying, the odds are increadibly small that by accident he typed in the exact same code as on another image. In your scenereo, the hack would test with one code that had been known to be good, then use another. It would be save to surmise that anyone who enters an otherwise good code as a response to another being shown is up to no good and can be blocked for a period of time.
For example Todays code is ABC, yesterdays was XYZ. If you show a gif of ABC and get a response of XYZ you know that was not a simple mistake.
David B
This is easy to test for. If a user mistypes an image that you are displaying, the odds are increadibly small that by accident he typed in the exact same code as on another image. In your scenereo, the hack would test with one code that had been known to be good, then use another. It would be save to surmise that anyone who enters an otherwise good code as a response to another being shown is up to no good and can be blocked for a period of time.
For example Todays code is ABC, yesterdays was XYZ. If you show a gif of ABC and get a response of XYZ you know that was not a simple mistake.
David B
ASKER
That is true, but it would still be nice to find an activex control that would produce a gif automatically each time. There has to be something like that out there....
I suggest that you generate image at runtime using some library (GD for PHP for example) at runtime and display to the user. I'll send you the code in PHP if needed.
ASKER
khoama,
I dont use PFP and would not know what to do with it! Thank you anyway.
I dont use PFP and would not know what to do with it! Thank you anyway.
Captcha is what you are looking.
Captcha in PHP
http://www.thepoorhouse.org.uk/implementing_captcha_spam_protection_in_php
http://captchas.net/sample/php/
http://www.white-hat-web-design.co.uk/articles/php-captcha.php
http://frikk.tk/comments-273-04.28.06.htm
hope these helps
kiranvj
Captcha in PHP
http://www.thepoorhouse.org.uk/implementing_captcha_spam_protection_in_php
http://captchas.net/sample/php/
http://www.white-hat-web-design.co.uk/articles/php-captcha.php
http://frikk.tk/comments-273-04.28.06.htm
hope these helps
kiranvj
ASKER