| Anonymous | Login | Signup for a new account | 2024-04-24 21:25 CDT | |
| Main | My View | View Issues | Change Log | Roadmap | Docs | Wiki | Repositories |
| Viewing Issue Advanced Details [ Jump to Notes ] [ Wiki ] | [ View Simple ] [ Issue History ] [ Print ] | |||||
| ID | Category | Type | Reproducibility | Date Submitted | Last Update | |
| 0000715 | [In-Portal CMS] Front End | feature request | always | 2010-04-26 08:01 | 2011-02-25 12:14 | |
| Reporter | Dmitry | View Status | public | Project Name | In-Portal CMS | |
| Assigned To | Developer | |||||
| Priority | normal | Resolution | open | Platform | ||
| Status | active | OS | ||||
| OS Version | ||||||
| ETA | none | Fixed in Version | Product Version | 5.1.0 | ||
| Target Version | Icebox | Product Build | ||||
| Time Estimate | No estimate | |||||
| Summary | 0000715: Replacement for CAPTCHA functionality | |||||
| Description |
Today most popular approach is to place captcha code on form to verify, that humans (not search engines) are submitting site forms. More dirty captcha image is, more chances are spider/bot won't be able to recognize it. On the other hand it makes form submitting uncomfortable for users. Also captcha is used only on forms, when user is not logged in. Here is approach, that is not using captcha, but still provides same level of protection: 1. after page with form is loaded, then send ajax request to server 2. in ajax responce send random name and random value + save both to session 3. when ajax responce is received, then dynamically add hidden field with received name and value 4. when form is submitted, then check, that submitted value matches generated one from session We are generating random hidden field name to allow same form to be submitted from different tabs of same browser, when we have same user session. Because of spiders don't execute page javascript this approach can work. |
|||||
| Steps To Reproduce | ||||||
| Additional Information |
Small correction: for correct simultaneous form submissions, two hidden fields should be dynamically added, one with name like "verification_key" and another with name like "verification_value", also this pair is stored on server in session array called like "verification_pairs" with "verification_key" as key and "verification_value" as value. Then on submission we take session array element with passed key and compare passed value to stored one. Sure, also we verify that both key and value have been passed, and passed key exists in session array. |
|||||
| Tags | No tags attached. | |||||
| Reference | http://groups.google.com/group/in-portal-dev/browse_thread/thread/5dc836fb951a5077 | |||||
| Change Log Message | Created replacement for Security Image functionality | |||||
| Estimate Points | 0 | |||||
| Attached Files | ||||||
|
|
||||||
 Relationships [ Relation Graph ]
[ Dependency Graph ]
|
|
 Relationships |
| There are no notes attached to this issue. |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2011-02-25 12:14 | Dmitry | Change Log Message | => Created replacement for Security Image functionality |
| 2010-08-31 14:16 | alex | version | => 5.1.0 |
| 2010-04-26 08:01 | Dmitry | New Issue | |
| 2010-04-26 08:01 | Dmitry | Reference | => http://groups.google.com/group/in-portal-dev/browse_thread/thread/5dc836fb951a5077 |
|
Issue History |
| Main | My View | View Issues | Change Log | Roadmap | Docs | Wiki | Repositories |
Web Development by Intechnic
In-Portal Open Source CMS |
Copyright © 2000 - 2009 MantisBT Group
 |