Feature Requests item #1647307, was opened at 2007-01-29 09:27
Message generated for change (Comment added) made by kidproto
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=559969&aid=1647307&group_id=80503
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
>Category: ccHost
Group: None
>Status: Open
Priority: 3
Private: No
Submitted By: Asheesh Laroia (paulproteus)
Assigned to: Asheesh Laroia (paulproteus)
Summary: ccHost's captcha sucks
Initial Comment:
It generates CAPTCHAs as lots of references to images whose
number value can be deduced easily. This is insecure.
If it were up to me, I'd use the same code that MediaWiki
uses in its FancyCaptcha extension. That involves running
Python and having a True Type font. If you don't want to go
that route, I'm sure there are pure-PHP solutions that
automate better CAPTCHAs, too.
----------------------------------------------------------------------
>Comment By: Jon Phillips (kidproto)
Date: 2008-01-03 06:31
Message:
Logged In: YES
user_id=914868
Originator: NO
Moved it to feature request...re-opened...
----------------------------------------------------------------------
Comment By: Victor Stone (fourstones)
Date: 2008-01-02 17:04
Message:
Logged In: YES
user_id=489789
Originator: NO
Closing this 'bug' as it is really a feature request. There is nothing in
ccHost (from v1 on) that prevents someone from writing or hooking in a more
acceptable captcha.
----------------------------------------------------------------------
Comment By: Jon Phillips (kidproto)
Date: 2007-02-27 18:18
Message:
Logged In: YES
user_id=914868
Originator: NO
paulproteus...why don't you fix it? You called it, looks like you get to
fix it ;)
----------------------------------------------------------------------
Comment By: Victor Stone (fourstones)
Date: 2007-01-29 23:32
Message:
Logged In: YES
user_id=489789
Originator: NO
That's true, and we've thought a lot about this, but it's been a low
priority. There are, however, severe throttles in place for emailing other
users and uploading, etc. If that's not enough for you because of sensitive
data on the site, the workaround (for now) would be to run on a secure
site.
----------------------------------------------------------------------
_______________________________________________
cc-devel mailing list
cc-devel lists.ibiblio.org
http://lists.ibiblio.org/mailman/listinfo/cc-devel