Re: Feedback wanted on site with PHP exercises
- From: tom pester <Tom.PesterDELETETHISSS@xxxxxxxxxx>
- Date: Thu, 08 Sep 2005 00:10:19 GMT
Hi Phil,
Now I have the answer to your addition sum, and the session ID from your "hidden" field. That wasn't difficult, was it?
Turing numbers are nowhere near as vulnerable. Implemented properly, they are impossible for computers to read successfully without a lot of hard work targeted at each specific implementation.
I asked for another way but thx for the script anyway...
I know it's easy to parse the numbers but can you think of another way to abuse that page?
Again, my point is that Turing numbers are a good solution _now_ and I will use them in a commercial site.
But it's only a matter of time before computers can read Turing numbers as easily as they do addition now.
And this page isn't easily exploitable by a bot either. The spammer's bots won't find this page automatically and if he stumbles upon it he has to do some custom coding. I think he will go and look for an easier alternative (which are plentiful).
There are other alternatives that are cost based in which the difficulty of parsing a test outweighs the profit a spammer makes.
I remember reading a good article in Scientific American about it.
Anyway, this is an exercise for me in making it as secure as possible with the known limitation that a simple parsing circumvents it if the spammer takes the trouble (which he won't ;)
Can you look at my question this way and see if there is a flaw in it?