> On Monday, Nov 10, 2003, at 22:49 US/Pacific, Ramprasad A Padmanabhan
> wrote:
> [..]
> > Or should I write a jpg generator using something like gd and create a
> > database of images and the actual numbers they contain
> [..]
>
> I personally do not know of any specific perl module
> that will generate the image on the fly. You would
Imager, GD, Image::Magick
> not need to have many of them, since the idea you are
> working with is to prevent a single event - namely
> an automatic registration.
>
> You could make the images with all sorts of tools,
> including PowerPointPresentation, and then save them
> as a jpeg, gif, png. Just make sure that the 'key' -
> which can be letters and numbers, will stand out cleanly
> in your 'image' - the 'red/green' colour blind will have
> problems with various patterns and will not be able to see the 'key'.
>
If you predetermine those things they can easily be either found out and used or
brute force attacked until one that works is found and then used over and over.
I have a solution that does the image generation, encrypted validation, and each
combo can only be used once and for only a few minutes after it is generated.
I've used it for a while and it is very secure; I've tried and have had others
try to break in and it just won't budge.
It's really easy to add to a form and form processor and it's all Perl, yum!
I can customize fonts and color schemes, sizes, time before it expires, etc, etc.
If anyone is interested in using it feel free to contact me off list.
If I get time I'll put up an example form for you all to log in and check it out for
yourselves.
> Then all you have to do is stuff a 'hidden value' in
> the form data that is YOUR key about which image you
> sent out, and if the response is not the same value
> as the 'key' returned - then.... send them back a
> page noting that you can not fill it in.
>
> { you could of course do some javascripting, but that
> would also open the hole that if you send the 'key'
> '1234' the javascript will have the comparator in plain text. }
>
> So your level of 'security' is well, amusing at
> whichever level you want to put it.
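
An added sketch, not the poster's code and not taken from the thread, of the single-use, short-lived check the reply describes: the hidden form field carries a nonce, an expiry and an HMAC over the answer rather than the answer itself (a keyed digest stands in here for the "encrypted validation" mentioned above). `$SECRET`, `%used`, the token layout and the helper names are assumptions, and it reads `/dev/urandom`, so it expects a Unix-like host.

```perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Assumed names: $SECRET never leaves the server; %used stands in for a shared
# store of spent nonces (a database table or cache in a real deployment).
my $SECRET = 'constructed-demo-secret';
my $TTL    = 180;    # seconds a challenge stays valid
my %used;

sub random_hex {    # $n bytes from the OS generator, hex encoded
    my ($n) = @_;
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    read($fh, my $buf, $n) == $n or die 'short read from urandom';
    return unpack 'H*', $buf;
}

sub mac_for {    # keyed digest binding nonce, expiry and the case-folded answer
    my ($nonce, $expires, $answer) = @_;
    return hmac_sha256_hex(join('|', $nonce, $expires, lc $answer), $SECRET);
}

# Hidden form value for a challenge whose image shows $answer.
sub issue_token {
    my ($answer, $now) = @_;
    my ($nonce, $expires) = (random_hex(16), $now + $TTL);
    return join ':', $nonce, $expires, mac_for($nonce, $expires, $answer);
}

sub check_token {
    my ($token, $typed, $now) = @_;
    my ($nonce, $expires, $mac) =
        ($token // '') =~ /\A([0-9a-f]{32}):(\d{1,12}):([0-9a-f]{64})\z/
        or return 'malformed';
    return 'expired'  if $now > $expires;
    return 'replayed' if $used{$nonce}++;    # one guess per challenge, right or wrong
    my $want = mac_for($nonce, $expires, $typed // '');
    my $diff = 0;                            # compare without an early exit
    $diff |= ord(substr $want, $_, 1) ^ ord(substr $mac, $_, 1) for 0 .. 63;
    return $diff ? 'wrong' : 'ok';
}

# Constructed walk-through: the image would show "7K3Q".
my $now = time;
my $t1  = issue_token('7K3Q', $now);
print "wrong guess:   ", check_token($t1, '0000', $now + 5), "\n";
print "retry same:    ", check_token($t1, '7k3q', $now + 6), "\n";
print "fresh, right:  ", check_token(issue_token('7K3Q', $now), '7k3q', $now + 9), "\n";
print "fresh, late:   ", check_token(issue_token('7K3Q', $now), '7K3Q', $now + $TTL + 1), "\n";
```

Because the nonce is spent on the first submission whether or not the guess is right, each challenge allows one attempt, which is what keeps a short key from being brute forced within the expiry window.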