Feature Requests item #1647307, was opened at 2007-01-29 09:27 Message generated for change (Comment added) made by kidproto You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=559969&aid=1647307&group_id=80503
Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. >Category: ccHost Group: None >Status: Open Priority: 3 Private: No Submitted By: Asheesh Laroia (paulproteus) Assigned to: Asheesh Laroia (paulproteus) Summary: ccHost's captcha sucks Initial Comment: It generates CAPTCHAs as lots of references to images whose number value can be deduced easily. This is insecure. If it were up to me, I'd use the same code that MediaWiki uses in its FancyCaptcha extension. That involves running Python and having a True Type font. If you don't want to go that route, I'm sure there are pure-PHP solutions that automate better CAPTCHAs, too. ---------------------------------------------------------------------- >Comment By: Jon Phillips (kidproto) Date: 2008-01-03 06:31 Message: Logged In: YES user_id=914868 Originator: NO Moved it to feature request...re-opened... ---------------------------------------------------------------------- Comment By: Victor Stone (fourstones) Date: 2008-01-02 17:04 Message: Logged In: YES user_id=489789 Originator: NO Closing this 'bug' as it is really a feature request. There is nothing in ccHost (from v1 on) that prevents someone from writing or hooking in a more acceptable captcha. ---------------------------------------------------------------------- Comment By: Jon Phillips (kidproto) Date: 2007-02-27 18:18 Message: Logged In: YES user_id=914868 Originator: NO paulproteus...why don't you fix it :) You called it, looks like you get to fix it ;) ---------------------------------------------------------------------- Comment By: Victor Stone (fourstones) Date: 2007-01-29 23:32 Message: Logged In: YES user_id=489789 Originator: NO that's true and we've thought a lot about this but it's been a low priority. There are however severe throttles in place for emailing other users and uploading, etc. If that's not enough for you because of sensitive data on the site the work around (for now) would be to run on a secure site. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=559969&aid=1647307&group_id=80503 _______________________________________________ cc-devel mailing list [email protected] http://lists.ibiblio.org/mailman/listinfo/cc-devel
