--- "Chris W. Parker" <[EMAIL PROTECTED]> wrote:
> Exactly what is the purpose of this? Let me clarify. I know that
> it's supposed to prevent computers from submitting forms
> automatically because they cannot read the graphic, but what I
> don't understand is in what cases this is useful?

You have a page that collects credit card information for payment. An attacker
finds a database full of credit card numbers but wants to verify which ones are
still valid (it might be a very old database). So, after noticing your page,
this attacker writes a quick little script in PHP that loops through the list
of credit card numbers, submitting them to your site, and compares the output
to distinguish success from failure.

You end up with so many chargebacks that you lose your merchant account, and
your company loses so much money that you lose your job.

How's that? :-)

Chris

=====
HTTP Developer's Handbook
     http://shiflett.org/books/http-developers-handbook
My Blog
     http://shiflett.org/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
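
An added example, not part of the original message: one way a payment form handler could decide when to require the image challenge, by flagging a client that submits many distinct cards with mostly declines. The attempt records, card fingerprints, function name and thresholds are all constructed assumptions.

```php
<?php
declare(strict_types=1);

// Constructed sample of payment attempts: [unix time, client IP, card fingerprint, approved?].
// Fingerprints stand in for a keyed hash of the card number; raw numbers are never stored.
$attempts = [
    [1000, '198.51.100.7', 'fp-a1', false],
    [1004, '198.51.100.7', 'fp-b2', false],
    [1009, '198.51.100.7', 'fp-c3', true],
    [1013, '198.51.100.7', 'fp-d4', false],
    [1020, '203.0.113.20', 'fp-z9', false],
    [1050, '203.0.113.20', 'fp-z9', true],   // same card retried after a typo
];

/**
 * Decide whether a client must pass the image challenge before its next
 * submission. The signal is many *distinct* cards from one client in a short
 * window with mostly declines; one customer retrying one card does not trip it.
 * Hypothetical helper; thresholds are assumptions to tune against real traffic.
 */
function requiresChallenge(array $attempts, string $ip, int $now,
    int $window = 600, int $maxCards = 3, float $maxDeclineRatio = 0.5): bool
{
    $cards = [];
    $total = 0;
    $declined = 0;
    foreach ($attempts as [$time, $clientIp, $fingerprint, $approved]) {
        // Only this client's attempts inside the look-back window count.
        if ($clientIp !== $ip || $time < $now - $window || $time > $now) {
            continue;
        }
        $cards[$fingerprint] = true;
        $total++;
        if (!$approved) {
            $declined++;
        }
    }
    if ($total === 0) {
        return false;
    }
    return count($cards) >= $maxCards && ($declined / $total) > $maxDeclineRatio;
}

foreach (['198.51.100.7', '203.0.113.20'] as $ip) {
    printf("%s => %s\n", $ip, requiresChallenge($attempts, $ip, 1060) ? 'challenge' : 'allow');
}
```

Keying on the IP address alone misses attempts spread across many addresses, so the same counters can also be kept per session or for the form as a whole.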
