|
|
|
Choosing A Webhost: |
Re: RFC: CGI::Application::Plugin::CAPTCHA: msg#00135lang.perl.modules.cgi-appplication
> -----Original Message----- > From: Michael Peters [mailto:mpeters@xxxxxxxxxxxxx] > Sent: Thursday, August 25, 2005 6:56 PM > To: Jason A. Crome > Cc: cgiapp@xxxxxxxxxxxxxxxxx > Subject: Re: [cgiapp] RFC: CGI::Application::Plugin::CAPTCHA > > [...] > > I wouldn't store the images at all. A good CAPTCHA should use an image > only once. That would be a waste to store. Just send the > image directly > to the browser (with the cookie of course). > > [...] > > If create_captcha() simply returned the image to the browser then the > user could do something like this in their HTML > > <img src="/my/app?rm=captcha"> > > And put it where ever they want. I second this idea suggested by Michael: the captcha should be generated on-the-fly, by a dedicated run-mode which returns the image binary content (and there's no need to store the generated image anywhere). This is exactly what I always do in a very similar context, that is when I have to generate /live/ charts (for example via GD::Graph) in my CA applications. As for the response headers, I have a /dedicated/ subclass (which inherits from my application base class) which contains only the run-modes which generate the graphics. In this subclass, similarly to what suggested by Mark, I then simply override cgiapp_postrun, this way: sub cgiapp_postrun { my $self = shift; $self->header_props( -type => 'image/png' ) } (change the image type according to the format you are returning of course). Since this subclass contains only run-modes which return images, no further tests are required. As for the check, I would then suggest to simply store the string, unencrypted, in the (server side) session data, and then check against it the string provided by the user. Trying to avoid session management IMO only leads to greater complications. Finally, it could be useful to integrate such captcha plugin with CAP::ValidateRM (a plugin of a plugin? :-) Ciao, Emanuele. --------------------------------------------------------------------- Web Archive: http://www.mail-archive.com/cgiapp@xxxxxxxxxxxxxxxxx/ http://marc.theaimsgroup.com/?l=cgiapp&r=1&w=2 To unsubscribe, e-mail: cgiapp-unsubscribe@xxxxxxxxxxxxxxxxx For additional commands, e-mail: cgiapp-help@xxxxxxxxxxxxxxxxx
|
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| Previous by Date: | Re: RFC: CGI::Application::Plugin::CAPTCHA, Tony Fraser |
|---|---|
| Next by Date: | Re: RFC: CGI::Application::Plugin::CAPTCHA, B10m |
| Previous by Thread: | Re: RFC: CGI::Application::Plugin::CAPTCHA, Tony Fraser |
| Next by Thread: | Re: RFC: CGI::Application::Plugin::CAPTCHA, Clint Moore |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
Free MagazinesCisco NewsReceive a free quarterly e-newsletter with exclusive articles on how Cisco IT uses its own products and solutions to enable the business. subscribe Systems Management News, the newspaper for IT systems administration and data center managers! Each issue of Systems Management News is chock-full of news and analysis to help you understand what's happening in your field. subscribe The Enterprise Newsweekly eWeek is the essential technology information source for builders of e-business. subscribe Oracle Magazine Oracle Magazine contains technology strategy articles, sample code, tips, Oracle and partner news, how to articles for developers and DBAs, and more. Oracle (NASDAQ: ORCL) is the world's largest enterprise software company. subscribe Total Telecom Total Telecom is "The Economist of the communications industry". subscribe |
