At 2:53 PM -0500 3/26/07, Richard Lynch wrote:
If the code is embedded in the audio filename, or as part of the HTML,
the CAPTCHA itself is kinda useless to a serious attack. The attacker
will simply read the code from the HTML/URL
I have not finished with the blind testing of my audio Captcha
o out
what is currently in the pic
> -Original Message-
> From: Richard Lynch [mailto:[EMAIL PROTECTED]
> Sent: Monday, March 26, 2007 3:49 PM
> To: Jake McHenry
> Cc: 'itoctopus'; php-general@lists.php.net
> Subject: RE: [PHP] Re: My own "captcha" f
If the code is embedded in the audio filename, or as part of the HTML,
the CAPTCHA itself is kinda useless to a serious attack. The attacker
will simply read the code from the HTML/URL
You need the secret code to never actually leave your server for it to
stay secret.
That said, CAPTCHA can usua
On Sat, March 24, 2007 11:00 pm, Jake McHenry wrote:
> Index.php
> session_start();
> header("Refresh: 1");
I dunno what the heck the "Refresh" header is, but it would not shock
me in the least that your sessions are getting "lost" because your
browser does the refresh before it processes the coo
At 5:05 PM +0200 3/25/07, Dotan Cohen wrote:
On 25/03/07, tedd <[EMAIL PROTECTED]> wrote:
What about an audio Captcha?
Your thoughts?
tedd
I do a lot of my browsing at the university library. I can't have any
sound being made there each time I must enter a capcha. Don't use
audio, or provide
On 25/03/07, tedd <[EMAIL PROTECTED]> wrote:
What about an audio Captcha?
Your thoughts?
tedd
I do a lot of my browsing at the university library. I can't have any
sound being made there each time I must enter a capcha. Don't use
audio, or provide an alternative.
Dotan Cohen
http://lyricsli
This is btw not a very useful CAPTCHA, because it should stop
computers from submitting data, but a little bit smart programmer
knows that he has to get session information from the image, and
submit that to the form. Or what i saw used lately by a cracker, he
was just using his own values in sess
and
get the ID of the last one inserted (A discussion about this was
around this list lately) Then you show the code in an image, and you
store the ID in the session. Then you get ID from the session, then
get the code from the database using the ID and compare it to the one
entered in the form.
Tijnem
quot;, $_SESSION['start_time']), date("d",
$_SESSION['start_time']), date("Y", $_SESSION['start_time']));
echo 'Before: ' . $before . 'After: ' . $after . 'Time: ' .
date("H:i:s m-d-Y", $running_time) . '' .
$_SES
Hey Jake,
I checked the thing, and I tell you I did lots and lots of captchas in my
life and they mainly rely on the session.
Is it possible for you to post the script so that me (or anyone else for
that matter) fix it for you?
Take care,
--
itoctopus - http://www.itoctopus.com
""Jake McHenry"" <
10 matches
Mail list logo
