Re: CAPTCHA system in webDNA

This WebDNA talk-list message is from 2005. It keeps the original formatting.

> Here is the random password-generator code, currently in use at SearchBoise.com, which I based largely on code I got on the list from Brian Fries:

Um, I based the pass-gen code on Brian's code...I did not base SearchBoise.com on Brian's code, in case anyone misunderstood my poorly-constructed sentence. :)

-Dan

On Wed, 19 Jan 2005 17:03:05 -0800
"Dan Strong" wrote:
> Bill,
>
> Here is the random password-generator code, currently in use at SearchBoise.com, which I based largely on code I got on the list from Brian Fries:
> -----------------------------------
> [text]tPasswordLength=8[/text]
> [text]tChars=abcdefghijkmpqrstuvwxyz23456789ABCDEFGHJKLMNPQRSTUVWXYZ23456789[/text]
> [text]tMax=[countchars][tChars][/countchars][/text]
> [text]tPass=[/text]
> [loop start=1&end=[tPasswordLength]]
> [text]tX=[math]ceil([random format=float]*[tMax])[/math][/text]
> [text]tPass=[tPass][getchars start=[tX]&end=[tX]][tChars][/getchars][/text]
> [/loop]
> [tPass]
> -----------------------------------
>
> You can change [PasswordLength] to whatever you need, so if you wanted to generate a 128 character key, for instance, change it to 128.
>
> Also, for my purposes, I removed any characters that would be 'confusing' (e.g. 1 & l, O & 0), but you can have whatever characters you like in the [tChars] variable.
>
> Go to http://www.SearchBoise.com/ip.html to see a sample of this code in action (refresh the page to change it).
>
> -Dan
>
> On Wed, 19 Jan 2005 15:56:25 -0500
> devaulw@onebox.com wrote:
>> Here's my thinking on this:
>>
>> The idea I had was to send the link you suggest with an unsubscribe request email but provide a verification page that requires the image to be input. The method Ken proposed would permit the request and then allow automated unsubscribe attempts. Not a bad proposal if the brute force attempts go to waste. Here's how I think I'll deter the brute force attempts. I can permit only a few attempts before sending another email. At least then a user knows their subscription is being hacked. "If you did not request this, please let us know. Someone may be trying to unsubscribe your email account." I can be copied on these emails. I can also make a key (Ken used a cart but Dan proposed a password generator that could be stronger) that makes the attempts not worth a brute force attack. Dan, can you share that password generating code? If all this fails, I can implement the CAPTCHA for when I detect failed attempts that resemble a bot/brute force attack. I still may use CAPTCHA for "email this page to a friend" so I need to pursue this idea further. Thanks everyone for your ideas in implementing some security on my CAN-SPAM compliance.
>>
>> Regards,
>> Bill
>>
>> -----Original Message-----
>> From: Kenneth Grome
>> Sent: Thu, 20 Jan 2005 00:12:48 +0800
>> To: "WebDNA Talk"
>> Subject: Re: CAPTCHA system in webDNA
>>
>> You're trying to prevent automatic email deletion from an opt-in mailing list?
>>
>> I wouldn't mess with the system you're suggesting at all. Instead when the visitor enters his (or someone else's) email address into the email field in your unsubscribe form, I would enter a unique value into the 'unsubscribe' field of his database record:
>>
>> [replace db=subscribers.db&eqemaildatarq=[email]]unsubscribe=[cart][/replace]
>>
>> .. and then in the same template I would send the visitor an email message with a URL that has that same unique value in it, like this:
>>
>> ************************************
>> "Someone entered your email address into the
>> UNSUBSCRIBE page on our web site. If that person
>> was you, and if you really want to unsubscribe, just
>> click this link and we will unsubscribe you immediately:"
>>
>> http://domain.com/page.html?out=[cart]
>>
>> "But if you do NOT want to unsubscribe from our list,
>> please just ignore this message, thanks."
>> ************************************
>>
>> The person who receives this email message may (or may not) click that link. If he clicks the link, your webdna code simply deletes the only record in the subscribers database that has that unique 'out' value in the unsubscribe field:
>>
>> [delete db=subscribers.db&equnsubscribedatarq=[out]]
>>
>> Simple and efficient, and no images or other non-webdna tricks required.
>>
>> :)
>>
>> Sincerely,
>> Kenneth Grome
>> www.kengrome.com
>>
>> -------------------------------------------------------------
>> This message is sent to you because you are subscribed to
>> the mailing list .
>> To unsubscribe, E-mail to:
>> To switch to the DIGEST mode, E-mail to
>> Web Archive of this list is at: http://webdna.smithmicro.com/
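
The flow discussed in this thread (a unique value e-mailed as an unsubscribe link, a long random key, and only a few attempts before another e-mail is needed), as an added Python example that is not code from any poster or from WebDNA. It assumes the link carries both the address and the token, an in-memory store, and a limit of 3 failures; all names are hypothetical.

```python
import hmac
import secrets

# Alphabet without look-alike characters (no 1/l, 0/O/o, I). Each symbol
# appears once, so every character is equally likely to be drawn.
ALPHABET = "abcdefghijkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789"
MAX_FAILURES = 3      # assumed value; the thread only says "a few attempts"
TOKEN_LENGTH = 22     # 22 symbols * log2(56) bits each is about 127 bits


def new_token(length=TOKEN_LENGTH):
    """Draw each character from the OS CSPRNG, uniformly over ALPHABET."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


class UnsubscribeStore:
    """In-memory stand-in for the subscribers database (hypothetical)."""

    def __init__(self, subscribers):
        self.subscribers = set(subscribers)
        self.pending = {}  # email -> [token, failed_attempts]

    def request(self, email):
        """Form submitted: returns the token to e-mail, or None."""
        if email not in self.subscribers:
            return None
        token = new_token()
        self.pending[email] = [token, 0]  # replaces any earlier token
        return token

    def confirm(self, email, presented):
        """Link clicked: returns 'removed', 'rejected' or 'locked'."""
        entry = self.pending.get(email)
        if entry is None:
            return "rejected"
        token, failures = entry
        # Constant-time comparison; bytes so odd input cannot raise.
        if hmac.compare_digest(token.encode(), presented.encode()):
            del self.pending[email]  # one-time use
            self.subscribers.discard(email)
            return "removed"
        entry[1] = failures + 1
        if entry[1] >= MAX_FAILURES:
            del self.pending[email]  # old link is dead; send a new e-mail
            return "locked"
        return "rejected"
```

A "locked" result is the point at which the notification e-mail described in the thread would be sent to the subscriber and a fresh token issued on the next request.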

    