In-Portal Issue Tracker

Welcome to the In-Portal Open Source CMS Issue Tracker! This is a central management / tracking tool for all types of tasks / issues / bugs for the In-Portal Project. Before reporting any issues, please make sure to read the Guide into Issue Tracker and How to Properly Test and Report Bugs!

Viewing Issue Simple Details Jump to Notes ] Wiki ] View Advanced ] Issue History ] Print ]
ID Category Type Reproducibility Date Submitted Last Update
0000715 [In-Portal CMS] Front End feature request always 2010-04-26 08:01 2011-02-25 12:14
Reporter Dmitry View Status public Project Name In-Portal CMS
Assigned To Developer
Priority normal Resolution open Fixed in Version
Status active Product Version 5.1.0 Target Version Icebox
Time EstimateNo estimate
Summary 0000715: Replacement for CAPTCHA functionality
Description Today most popular approach is to place captcha code on form to verify, that
humans (not search engines) are submitting site forms. More dirty captcha
image is, more chances are spider/bot won't be able to recognize it. On the
other hand it makes form submitting uncomfortable for users. Also captcha is
used only on forms, when user is not logged in.

Here is approach, that is not using captcha, but still provides same level
of protection:

   1. after page with form is loaded, then send ajax request to server
   2. in ajax responce send random name and random value + save both to

   3. when ajax responce is received, then dynamically add hidden field with
   received name and value

   4. when form is submitted, then check, that submitted value matches
   generated one from session

We are generating random hidden field name to allow same form to be
submitted from different tabs of same browser, when we have same user
Because of spiders don't execute page javascript this approach can work.
Additional Information Small correction:

for correct simultaneous form submissions, two
hidden fields should be dynamically added, one with name like
"verification_key" and another with name like "verification_value",
also this pair is stored on server in session array called like
"verification_pairs" with "verification_key" as key and
"verification_value" as value. Then on submission we take session
array element with passed key and compare passed value to stored one.
Sure, also we verify that both key and value have been passed, and
passed key exists in session array.
Tags No tags attached.
Change Log Message Created replacement for Security Image functionality
Estimate Points 0
Attached Files

- Relationships Relation Graph ] Dependency Graph ]

There are no notes attached to this issue.

- Issue History
Date Modified Username Field Change
2011-02-25 12:14 Dmitry Change Log Message => Created replacement for Security Image functionality
2010-08-31 14:16 alex version => 5.1.0
2010-04-26 08:01 Dmitry New Issue
2010-04-26 08:01 Dmitry Reference =>

Web Development by Intechnic
In-Portal Open Source CMS
In-Portal Open Source CMS
Copyright © 2000 - 2009 MantisBT Group

Powered by Mantis Bugtracker