Re: CAPTCHA system in webDNA
This WebDNA talk-list message is from 2005
It keeps the original formatting.
numero = 60818
interpreted = N
texte = Hi Bill,Your proposed method looks like a good extension of my suggestion, especially the use of a randomly generated password. [cart] creates a value that looks too much like a number sometimes, and this might encourage hackers to run a brute force test on the page that's posted in the email.I also use a technique similar to the one Dan got from Brian Fries to generate virtually unique values, but I extend it even further by making the number of characters in each generated password value a random number between (for example) 10 and 20 characters. Then the hacker has one additional variable to deal with if he tries a brute force attack.I also like your idea to disable access to the page after X attempts from the same ip address within a pre-determined time period, because that would even further deter a brute force attack. After all, the valid password is already in the URL, which means the visitor from a specific ip address *should* get the password right on his very first attempt -- but certainly after a handful of failures this page should be 'turned off' for that ip address for an hour or so, and asking the visitor to try again later.Sincerely,Kenneth Gromewww.kengrome.com>-----Original Message----->From: Kenneth Grome
>Sent: Thu, 20 Jan 2005 00:12:48 +0800>To: "WebDNA Talk" >Subject: Re: CAPTCHA system in webDNA>>You're trying to prevent automatic email deletion from an opt-in mailing list?>>I wouldn't mess with the system you're suggesting at all. Instead >when the visitor enters his (or someone else's) email address into >the email field in your unsubscribe form, I would enter a unique >value into the 'unsubscribe' field of his database record:>>[replace db=subscribers.db&eqemaildatarq=[email]]unsubscribe=[cart][/replace]>>.. and then in the same template I would send the visitor an email >message with a URL that has that same unique value in it, like this:>>>************************************>"Someone entered your email address into the>UNSUBSCRIBE page on our web site. If that person>was you, and if you really want to unsubscribe, just>click this link and we will unsubscribe you immediately:">>http://domain.com/page.html?out=[cart]>>"But if you do NOT want to unsubscribe from our list,>please just ignore this message, thanks.">************************************>>>The person who receives this email message may (or may not ) click >that link. If he clicks the link, your webdna code simply deletes >the only record in the subscribers database that has that unique >'out' value in the unsubscribe field:>>[delete db=subscribers.db&equnsubscribedatarq=[out]]>>Simple and efficient, and no images or other non-webdna tricks required.>>:)>>Sincerely,>Kenneth Grome>www.kengrome.com-- -------------------------------------------------------------This message is sent to you because you are subscribed to the mailing list .To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/
Associated Messages, from the most recent to the oldest:
Hi Bill,Your proposed method looks like a good extension of my suggestion, especially the use of a randomly generated password. [cart] creates a value that looks too much like a number sometimes, and this might encourage hackers to run a brute force test on the page that's posted in the email.I also use a technique similar to the one Dan got from Brian Fries to generate virtually unique values, but I extend it even further by making the number of characters in each generated password value a random number between (for example) 10 and 20 characters. Then the hacker has one additional variable to deal with if he tries a brute force attack.I also like your idea to disable access to the page after X attempts from the same ip address within a pre-determined time period, because that would even further deter a brute force attack. After all, the valid password is already in the URL, which means the visitor from a specific ip address *should* get the password right on his very first attempt -- but certainly after a handful of failures this page should be 'turned off' for that ip address for an hour or so, and asking the visitor to try again later.Sincerely,Kenneth Gromewww.kengrome.com>-----Original Message----->From: Kenneth Grome >Sent: Thu, 20 Jan 2005 00:12:48 +0800>To: "WebDNA Talk" >Subject: Re: CAPTCHA system in webDNA>>You're trying to prevent automatic email deletion from an opt-in mailing list?>>I wouldn't mess with the system you're suggesting at all. Instead >when the visitor enters his (or someone else's) email address into >the email field in your unsubscribe form, I would enter a unique >value into the 'unsubscribe' field of his database record:>>[replace db=subscribers.db&eqemaildatarq=[email]]unsubscribe=[cart][/replace]>>.. and then in the same template I would send the visitor an email >message with a URL that has that same unique value in it, like this:>>>************************************>"Someone entered your email address into the>UNSUBSCRIBE page on our web site. If that person>was you, and if you really want to unsubscribe, just>click this link and we will unsubscribe you immediately:">>http://domain.com/page.html?out=[cart]>>"But if you do NOT want to unsubscribe from our list,>please just ignore this message, thanks.">************************************>>>The person who receives this email message may (or may not ) click >that link. If he clicks the link, your webdna code simply deletes >the only record in the subscribers database that has that unique >'out' value in the unsubscribe field:>>[delete db=subscribers.db&equnsubscribedatarq=[out]]>>Simple and efficient, and no images or other non-webdna tricks required.>>:)>>Sincerely,>Kenneth Grome>www.kengrome.com-- -------------------------------------------------------------This message is sent to you because you are subscribed to the mailing list .To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/
Kenneth Grome
DOWNLOAD WEBDNA NOW!
Top Articles:
Talk List
The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...
Related Readings:
[WebDNA] SHA-512 How To Do It (2014)
SHOWIF/HIDEIF empty fields (2005)
Round up prices (2000)
[convertChars] and in a textarea on a form (1998)
Can't use old cart file (was One more try) (1997)
Navigator 4.01 (1997)
Progress !! WAS: Trouble with formula.db (1997)
Bug when including a db file ... ? (2000)
AppleScript: Tell application:app location? (1998)
Summing fields (1997)
Re:quit command on NT (1997)
Error: Error: expected [/APPLICATION] ??? (1998)
Plugin or CGI or both (1997)
Running _every_ page through WebCat ? (1997)
Rendering out a page (1997)
MD5 Encryption (2003)
Summing fields (1997)
UK credit card info follow-up (1997)
Store Builder Question (1999)
auto-stripping of spaces (1997)