World: r3wp
[Tech News] Interesting technology
older newer | first last |
Oldes 19-Apr-2009 [3803x2] | Just write your forms using JS or at least don't use common login field names like USER and PASSWORD |
but if you don't hide the submit button, they will try to insert the links into any text field. | |
[unknown: 5] 19-Apr-2009 [3805x6] | I thought of a great idea to stop forum spammers and probably others. I don't know how it can be thwarted. |
I wouldn't know how to code it but it would probably require Javascript which I don't know. | |
But that might not be a good idea. Need something almost other than javascript. | |
The idea is to use Drag and Drop. | |
The drag and drop areas always change. | |
So its random generated. | |
ICarii 19-Apr-2009 [3811] | 3D hit testing is another upcoming captcha method |
[unknown: 5] 19-Apr-2009 [3812] | How does that work? I hear that cpatcha is being beaten by OCR methods. |
ICarii 19-Apr-2009 [3813] | there are various implementations from thread-the-needle / drag-and-drop / to overlay matching and rotation |
[unknown: 5] 19-Apr-2009 [3814] | My idea involves having the backend generate a random code that gets presented as a draggable item in a javascript driven page. The user must drag the code to a randoming placed box. The code i s also randoming placed. The script will generate a value based on the direction and length of the drag. This gets compared on the server end along with the code. |
ICarii 19-Apr-2009 [3815] | cant the spammer then just read the code to get the positions? |
[unknown: 5] 19-Apr-2009 [3816] | Yeah, which is why I don't think you can do it in javascript. I'm using that as an example to get an idea for the concept. |
ICarii 19-Apr-2009 [3817] | automating mouse movement and clicks from then on is relatively trivial |
[unknown: 5] 19-Apr-2009 [3818] | Yeah might not work via that route. |
ICarii 19-Apr-2009 [3819] | the trick is to possibly send location on drop - then verify serverside |
[unknown: 5] 19-Apr-2009 [3820x2] | Yeah - that should do it! |
Dunno, you still have to show the locations on the client end so they know where to drag. | |
ICarii 19-Apr-2009 [3822x2] | send an image |
eg: drag the object onto the purple rabbit - have an image with 20 or so differentr rabbits | |
[unknown: 5] 19-Apr-2009 [3824x3] | Possible. |
How about this. You display a rather large image and the user must click the very center of image (hold down button) and drag to a border speciied within the image. The image changes. | |
For example say the image is just a picture of a large ball or circle. The person clicks the center of the circle and holds down to expand to the perimeter of the circle in the image and releases and this gets interpretes as radius back to the server. | |
ICarii 19-Apr-2009 [3827] | still open to image analysis attack |
Oldes 19-Apr-2009 [3828] | Captachas are agains people, not bots. Bots are mostly very simple, especially the one which just puts links into fields. Why they would spend time on image analysis when they just can travel on another site with simple forms. fields. |
ICarii 19-Apr-2009 [3829] | they broke the gmail captcha and yahoo and hotmail by use of image analysis. |
Oldes 19-Apr-2009 [3830] | people.. not bots:) |
ICarii 19-Apr-2009 [3831] | oh - i thought they were reported to have automated it? |
Oldes 19-Apr-2009 [3832] | I don't think there is any bot just browsing around searching for another captcha to break in:) I can call it "a script" which someone could use to break gmail captcha, but not "a bot". Anyway... I bet they used many people to just click and traslate the images. |
ICarii 19-Apr-2009 [3833x2] | http://securitylabs.websense.com/content/Blogs/2919.aspx |
very interesting info on teh gmail break | |
Oldes 19-Apr-2009 [3835] | Yes... also there is a prove that someone pay for recognizing pictures. Anyway... if you have a normal site and don't want links in your form fields as Paul has.. using simple JS document.write is enough to hide the submit button ans stop the bots. At least that's my experience. |
Pekr 20-Apr-2009 [3836x2] | Our general media portal reports, that SUN is being bought by Oracle. I thought that it was IBM who tried to acquire them? Anyone confirms the news? |
Hmm, I wonder what happens to Open Office and MySQL then .... | |
Janko 20-Apr-2009 [3838x2] | Hm.. I imagine they have hard time selling Oracle if MySQL is free.. I wouldn't like to be mysql right now :) |
I didn't know Oracle even exists in last years, and surelly not that they have so much $$ to buy Sun (+ MySQL )... I am not sure if they are very present in web-scene | |
Pekr 20-Apr-2009 [3840] | They might close mySQL, but I think that the licence forbids them doing so. They might close further mySQL developments, but in such a case, I think that some ppl would fork it anyway ... |
BrianH 20-Apr-2009 [3841] | Oracle already owns the company thaat makes the InnoDB engine for MySQL, and that didn't kill MySQL. |
Robert 20-Apr-2009 [3842x3] | I don't think that SAP will ike this. |
Oracle moves away from a one-product company. Strategically a good step. And owning a lot of datastorage infrastructure within the companies makes them a logical choice for the other layers. | |
But overall, I don't like this happening... when will Oracle DBs internally use ZFS? | |
Pekr 20-Apr-2009 [3845] | What is wrong with ZFS? |
Robert 21-Apr-2009 [3846] | Nothing. I'm using it on OSX. My message referrs to two topics: 1. Oracle buys Sun -> I don't like it 2. Maybe ZFS will now become more a DB thing than a FS thing. |
Pekr 21-Apr-2009 [3847] | Google releases plugin for 3D API - http://arstechnica.com/software/news/2009/04/google-releases-3d-graphics-plugin-for-browsers.ars |
Janko 21-Apr-2009 [3848] | hm.. very interesting.. now unity3d (and ston3d) got some competition |
Geomol 21-Apr-2009 [3849x2] | O3D is an open-source web API for creating rich, interactive 3D applications in the browser. Wow, 3D games in the browser! It just gets better and better! What a wonderful world! ;-) |
Maybe we'll even be able to use the back button, when someone shoot us in the game. | |
Rebolek 21-Apr-2009 [3851] | LOL |
Janko 21-Apr-2009 [3852] | :) |
older newer | first last |