Re: cfmx and CAPTCHA
Sure, I'd be happy to offer 20% off the $50 license to anyone at all though June 31st. Send me an email via the Contact Us form on alagad.com and I'll hook you up. Doug Hughes On Mon, 21 Jun 2004 13:44:43 -0400, Burns, John D <[EMAIL PROTECTED]> wrote: > > Doug, > > Any break on your Image Manipulation CFC for fellow CF-Talkers? Just > figured I'd ask :-) > > John > > -Original Message- > From: Doug Hughes [mailto:[EMAIL PROTECTED] > Sent: Monday, June 21, 2004 11:57 AM > To: CF-Talk > Subject: Re: cfmx and CAPTCHA > > 1) Hi Joe! > > 2) I talked to Ben Forta when he came to the DC WAMMO meeting about the > CFCs being replicated across clustered servers. His answer, in a > nutshell was that they didn't have the time to do it. He also indicated > that there was a good chance that it would be supported in the future. > However, I know nothing about blackstone. > > Doug Hughes > (Check out my ColdFusion Image Manipulation CFC at > http://www.alagad.com/index.cfm/name-aic) > > On Fri, 18 Jun 2004 17:50:58 +0100, Kola Oyedeji > <[EMAIL PROTECTED]> wrote: > > > > Apparently Blue dragon can but I haven't tried it ;-) > > > > KOla > > > > -Original Message- > > From: Dave Watts [mailto:[EMAIL PROTECTED] > > Sent: 18 June 2004 13:43 > > To: CF-Talk > > Subject: RE: cfmx and CAPTCHA > > > > > why don't CFC instances go across cluster members? > > > > I don't really know why they don't, just that they don't. I suspect > > that JRun has some sort of serializer to write its own session > > variables to strings, and that this serializer doesn't know what to do > > > with CFC instances, but I really don't know for certain. > > > > Dave Watts, CTO, Fig Leaf Software > > http://www.figleaf.com/ > > phone: 202-797-5496 > > fax: 202-797-5444 > > _ > > > > > > [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Re: cfmx and CAPTCHA
Still working on it - :-) == Our Anti-spam solution works!! http://www.clickdoug.com/mailfilter.cfm For hosting solutions http://www.clickdoug.com http://www.forta.com/cf/isp/isp.cfm?isp_id=1069 == - Original Message - From: Burns, John D To: CF-Talk Sent: Monday, June 21, 2004 12:44 PM Subject: RE: cfmx and CAPTCHA Doug, Any break on your Image Manipulation CFC for fellow CF-Talkers? Just figured I'd ask :-) John -Original Message- From: Doug Hughes [mailto:[EMAIL PROTECTED] Sent: Monday, June 21, 2004 11:57 AM To: CF-Talk Subject: Re: cfmx and CAPTCHA 1) Hi Joe! 2) I talked to Ben Forta when he came to the DC WAMMO meeting about the CFCs being replicated across clustered servers. His answer, in a nutshell was that they didn't have the time to do it. He also indicated that there was a good chance that it would be supported in the future. However, I know nothing about blackstone. Doug Hughes (Check out my ColdFusion Image Manipulation CFC at http://www.alagad.com/index.cfm/name-aic) On Fri, 18 Jun 2004 17:50:58 +0100, Kola Oyedeji <[EMAIL PROTECTED]> wrote: > > Apparently Blue dragon can but I haven't tried it ;-) > > KOla > > -Original Message- > From: Dave Watts [mailto:[EMAIL PROTECTED] > Sent: 18 June 2004 13:43 > To: CF-Talk > Subject: RE: cfmx and CAPTCHA > > > why don't CFC instances go across cluster members? > > I don't really know why they don't, just that they don't. I suspect > that JRun has some sort of serializer to write its own session > variables to strings, and that this serializer doesn't know what to do > with CFC instances, but I really don't know for certain. > > Dave Watts, CTO, Fig Leaf Software > http://www.figleaf.com/ > phone: 202-797-5496 > fax: 202-797-5444 > _ > > [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
RE: cfmx and CAPTCHA
Doug, Any break on your Image Manipulation CFC for fellow CF-Talkers? Just figured I'd ask :-) John -Original Message- From: Doug Hughes [mailto:[EMAIL PROTECTED] Sent: Monday, June 21, 2004 11:57 AM To: CF-Talk Subject: Re: cfmx and CAPTCHA 1) Hi Joe! 2) I talked to Ben Forta when he came to the DC WAMMO meeting about the CFCs being replicated across clustered servers. His answer, in a nutshell was that they didn't have the time to do it. He also indicated that there was a good chance that it would be supported in the future. However, I know nothing about blackstone. Doug Hughes (Check out my ColdFusion Image Manipulation CFC at http://www.alagad.com/index.cfm/name-aic) On Fri, 18 Jun 2004 17:50:58 +0100, Kola Oyedeji <[EMAIL PROTECTED]> wrote: > > Apparently Blue dragon can but I haven't tried it ;-) > > KOla > > -Original Message- > From: Dave Watts [mailto:[EMAIL PROTECTED] > Sent: 18 June 2004 13:43 > To: CF-Talk > Subject: RE: cfmx and CAPTCHA > > > why don't CFC instances go across cluster members? > > I don't really know why they don't, just that they don't. I suspect > that JRun has some sort of serializer to write its own session > variables to strings, and that this serializer doesn't know what to do > with CFC instances, but I really don't know for certain. > > Dave Watts, CTO, Fig Leaf Software > http://www.figleaf.com/ > phone: 202-797-5496 > fax: 202-797-5444 > _ > > [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Re: cfmx and CAPTCHA
1) Hi Joe! 2) I talked to Ben Forta when he came to the DC WAMMO meeting about the CFCs being replicated across clustered servers. His answer, in a nutshell was that they didn't have the time to do it. He also indicated that there was a good chance that it would be supported in the future. However, I know nothing about blackstone. Doug Hughes (Check out my ColdFusion Image Manipulation CFC at http://www.alagad.com/index.cfm/name-aic) On Fri, 18 Jun 2004 17:50:58 +0100, Kola Oyedeji <[EMAIL PROTECTED]> wrote: > > Apparently Blue dragon can but I haven't tried it ;-) > > KOla > > -Original Message- > From: Dave Watts [mailto:[EMAIL PROTECTED] > Sent: 18 June 2004 13:43 > To: CF-Talk > Subject: RE: cfmx and CAPTCHA > > > why don't CFC instances go across cluster members? > > I don't really know why they don't, just that they don't. I suspect that > JRun has some sort of serializer to write its own session variables to > strings, and that this serializer doesn't know what to do with CFC > instances, but I really don't know for certain. > > Dave Watts, CTO, Fig Leaf Software > http://www.figleaf.com/ > phone: 202-797-5496 > fax: 202-797-5444 > _ > > [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
RE: cfmx and CAPTCHA
Apparently Blue dragon can but I haven't tried it ;-) KOla -Original Message- From: Dave Watts [mailto:[EMAIL PROTECTED] Sent: 18 June 2004 13:43 To: CF-Talk Subject: RE: cfmx and CAPTCHA > why don't CFC instances go across cluster members? I don't really know why they don't, just that they don't. I suspect that JRun has some sort of serializer to write its own session variables to strings, and that this serializer doesn't know what to do with CFC instances, but I really don't know for certain. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ phone: 202-797-5496 fax: 202-797-5444 _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
RE: cfmx and CAPTCHA
> why don't CFC instances go across cluster members? I don't really know why they don't, just that they don't. I suspect that JRun has some sort of serializer to write its own session variables to strings, and that this serializer doesn't know what to do with CFC instances, but I really don't know for certain. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ phone: 202-797-5496 fax: 202-797-5444 [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
RE: cfmx and CAPTCHA
Hey Dave, feel free to lecture, I've learned from you before: why don't CFC instances go across cluster members? I imagine it'd probably be self-evident if I knew anything about the mechanics of session sharing across JRun, but I don't. Thanks, Joe -Original Message- From: Dave Watts [mailto:[EMAIL PROTECTED] Sent: Fri 6/18/2004 8:34 AM To: CF-Talk Cc: Subject: RE: cfmx and CAPTCHA > Session variables are useless on clustered servers (no > lectures on sticky sessions please they are a waste of > time) I won't lecture you, but I would like to point out that you can share Session variables across cluster members using CFMX on Jrun, although you can't use CFC instances within the Session scope that way. Also, I would disagree that sticky sessions are a "waste of time". If your primary goal for clustering is simply to add throughput, there's nothing wrong with using sticky sessions. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ phone: 202-797-5496 fax: 202-797-5444 _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
RE: cfmx and CAPTCHA
> Session variables are useless on clustered servers (no > lectures on sticky sessions please they are a waste of > time) I won't lecture you, but I would like to point out that you can share Session variables across cluster members using CFMX on Jrun, although you can't use CFC instances within the Session scope that way. Also, I would disagree that sticky sessions are a "waste of time". If your primary goal for clustering is simply to add throughput, there's nothing wrong with using sticky sessions. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ phone: 202-797-5496 fax: 202-797-5444 [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Re: cfmx and CAPTCHA
Ryan, anyway we can change the background image with your tag? Ryan Emerle wrote: > I have posted the tag i created on my site. You can grab a copy from here: > > http://www.emerle.net/programming/display.cfm/t/cfx_captcha > > Included is an example file which shows how you can use session variables. > > Basically, the example file will act as an image. You simply add an > IMG tag pointing to that file: > > > And it will serve up the generated image with CFCONTENT right after it > sets the session variable. All you have to do is check the posted > value against the session value. Of course, you will have to watch > out for session timeouts.. :) [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
RE: cfmx and CAPTCHA
> I'm not saying it ever receives that variable. However, > CF somehow associates that session with that client, > therefore, the spider appears to be a valid client. I would go a step farther and say that it is a valid client. There's no difference between one HTTP client and another, from the web server's perspective, beyond the User-Agent string that each client sends to identify itself. > Once it has the session, what keeps it from posting a > million times on that session? Your code would have to prevent this, if you didn't want it to be a possibility. > CF has to set something on the client (cookie or token or > something) to keep the session alive, and couldn't the > browser/spider spoof that? If by "spoof", you mean that one HTTP client could send a token that belonged to another HTTP client, yes. If one HTTP client simply returns the same token it received, it's not spoofing anything, whether it's a spider or a browser. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ phone: 202-797-5496 fax: 202-797-5444 [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Re: cfmx and CAPTCHA
Burns, John D wrote: > Well, I'm just trying to figure out why it wouldn't be easier to have a > unique string passed with each request that is also tied to the correct > "answer" for the image. There is nothing wrong with that if you store it in the session. That way, the spider could not post multiple > times with the same unique string. It just seems like that would even > rule out the brute force attempt. You can do that by setting another session var that only allows them to post within a certain time period on a certain form. [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
RE: cfmx and CAPTCHA
Well, I'm just trying to figure out why it wouldn't be easier to have a unique string passed with each request that is also tied to the correct "answer" for the image. That way, the spider could not post multiple times with the same unique string. It just seems like that would even rule out the brute force attempt. John -Original Message- From: Bryan F. Hogan [mailto:[EMAIL PROTECTED] Sent: Thursday, June 17, 2004 10:57 AM To: CF-Talk Subject: Re: cfmx and CAPTCHA It could loop over the URL. But if the string for the image is stored in the session and compiled into the image, the only way it could figure it out would to be use brute force (guessing over and over again), decompiling the image and trying to read what is the text, or using OCR. 1 and 2 are over complicated for most people, and OCR would be difficult if you chose a good image with a good text format on it. None are fool proof. But mine and Ryan's idea is the best bet for most situations. You just have to have a good string and a good background image. Burns, John D wrote: > Right, but what I'm saying is that once it has the cfid and cftoken, > couldn't it loop over a url passing possible texts for the image (thus > keeping the same session) [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Re: cfmx and CAPTCHA
It could loop over the URL. But if the string for the image is stored in the session and compiled into the image, the only way it could figure it out would to be use brute force (guessing over and over again), decompiling the image and trying to read what is the text, or using OCR. 1 and 2 are over complicated for most people, and OCR would be difficult if you chose a good image with a good text format on it. None are fool proof. But mine and Ryan's idea is the best bet for most situations. You just have to have a good string and a good background image. Burns, John D wrote: > Right, but what I'm saying is that once it has the cfid and cftoken, > couldn't it loop over a url passing possible texts for the image (thus > keeping the same session) [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
RE: cfmx and CAPTCHA
Right, but what I'm saying is that once it has the cfid and cftoken, couldn't it loop over a url passing possible texts for the image (thus keeping the same session) John -Original Message- From: Bryan F. Hogan [mailto:[EMAIL PROTECTED] Sent: Thursday, June 17, 2004 10:40 AM To: CF-Talk Subject: Re: cfmx and CAPTCHA CFID and CFTOKEN are stored for that session. CF maps that internally to the to retrieve the session. Even if the spider read the CFID and CFTOKEN values, there is no way it could then tell CF to try and map it to retrieve the session. And even if it could, it couldn' read the value of the session var. Burns, John D wrote: > I'm not saying it ever receives that variable. However, CF somehow > associates that session with that client, therefore, the spider > appears to be a valid client. Once it has the session, what keeps it > from posting a million times on that session? CF has to set something > on the client (cookie or token or something) to keep the session > alive, and couldn't the browser/spider spoof that? [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Re: cfmx and CAPTCHA
CFID and CFTOKEN are stored for that session. CF maps that internally to the to retrieve the session. Even if the spider read the CFID and CFTOKEN values, there is no way it could then tell CF to try and map it to retrieve the session. And even if it could, it couldn' read the value of the session var. Burns, John D wrote: > I'm not saying it ever receives that variable. However, CF somehow > associates that session with that client, therefore, the spider appears > to be a valid client. Once it has the session, what keeps it from > posting a million times on that session? CF has to set something on the > client (cookie or token or something) to keep the session alive, and > couldn't the browser/spider spoof that? [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Re: cfmx and CAPTCHA
Since when can you store the session in anything other than memory? It's client variables that you can change the storage mechanism for. Thomas Chiverton wrote: > If you use cookies as your session storage, yes. [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Re: cfmx and CAPTCHA
On Thursday 17 Jun 2004 15:30 pm, Pascal Peters wrote: > AFAIK you can use cookies for client staorage but not for session > storage :blaims liquid lunch and goes back to the corner :-) -- Tom Chiverton Advanced ColdFusion Programmer Tel: +44(0)1749 834997 email: [EMAIL PROTECTED] BlueFinger Limited Underwood Business Park Wookey Hole Road, WELLS. BA5 1AF Tel: +44 (0)1749 834900 Fax: +44 (0)1749 834901 web: www.bluefinger.com Company Reg No: 4209395 Registered Office: 2 Temple Back East, Temple Quay, BRISTOL. BS1 6EG. *** This E-mail contains confidential information for the addressee only. If you are not the intended recipient, please notify us immediately. You should not use, disclose, distribute or copy this communication if received in error. No binding contract will result from this e-mail until such time as a written document is signed on behalf of the company. BlueFinger Limited cannot accept responsibility for the completeness or accuracy of this message as it has been transmitted over public networks.*** [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
RE: cfmx and CAPTCHA
AFAIK you can use cookies for client staorage but not for session storage > -Original Message- > From: Thomas Chiverton [mailto:[EMAIL PROTECTED] > Sent: donderdag 17 juni 2004 16:27 > To: CF-Talk > Subject: Re: cfmx and CAPTCHA > > On Thursday 17 Jun 2004 15:16 pm, Bryan F. Hogan wrote: > > A session value passes in a HTTP header? > > If you use cookies as your session storage, yes. > > -- > Tom Chiverton [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
RE: cfmx and CAPTCHA
I'm not saying it ever receives that variable. However, CF somehow associates that session with that client, therefore, the spider appears to be a valid client. Once it has the session, what keeps it from posting a million times on that session? CF has to set something on the client (cookie or token or something) to keep the session alive, and couldn't the browser/spider spoof that? John -Original Message- From: Bryan F. Hogan [mailto:[EMAIL PROTECTED] Sent: Thursday, June 17, 2004 10:16 AM To: CF-Talk Subject: Re: cfmx and CAPTCHA A session value passes in a HTTP header? Burns, John D wrote: > I don't think he's saying that the spider can _read_ the session var, > but if you set one and it is passed to the next page, the spider will > have it and then all it needs to do is figure out the image. [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Re: cfmx and CAPTCHA
Good, just making sure that I haven't been making myself sound like an a** > That's correct. Neither can a browser. All a browser can do is send > identifying tokens like cookies or URL variables back to the server, which > can then read Session variables and use them within the program that > generates the response to the browser's request. [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Re: cfmx and CAPTCHA
On Thursday 17 Jun 2004 15:16 pm, Bryan F. Hogan wrote: > A session value passes in a HTTP header? If you use cookies as your session storage, yes. -- Tom Chiverton Advanced ColdFusion Programmer Tel: +44(0)1749 834997 email: [EMAIL PROTECTED] BlueFinger Limited Underwood Business Park Wookey Hole Road, WELLS. BA5 1AF Tel: +44 (0)1749 834900 Fax: +44 (0)1749 834901 web: www.bluefinger.com Company Reg No: 4209395 Registered Office: 2 Temple Back East, Temple Quay, BRISTOL. BS1 6EG. *** This E-mail contains confidential information for the addressee only. If you are not the intended recipient, please notify us immediately. You should not use, disclose, distribute or copy this communication if received in error. No binding contract will result from this e-mail until such time as a written document is signed on behalf of the company. BlueFinger Limited cannot accept responsibility for the completeness or accuracy of this message as it has been transmitted over public networks.*** [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
RE: cfmx and CAPTCHA
> > A spider is nothing more than another HTTP client. It can > > do anything that any HTTP client can do, and it can't do > > things that HTTP doesn't allow. So, to answer a question > > like this, all you have to do is ask "can I do that with > > a browser". If yes, then it can be done with a spider, and > > if no, it can't. > > I don't remember the specifics Dave, but if I'm not mistaken, > you said before that a spider could _not_ read a session var. That's correct. Neither can a browser. All a browser can do is send identifying tokens like cookies or URL variables back to the server, which can then read Session variables and use them within the program that generates the response to the browser's request. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ phone: 202-797-5496 fax: 202-797-5444 [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Re: cfmx and CAPTCHA
I like yours Ryan. I would try and make the key a little stronger. Ryan Emerle wrote: > I have posted the tag i created on my site. You can grab a copy from here: > > http://www.emerle.net/programming/display.cfm/t/cfx_captcha > > Included is an example file which shows how you can use session variables. > > Basically, the example file will act as an image. You simply add an > IMG tag pointing to that file: > > > And it will serve up the generated image with CFCONTENT right after it > sets the session variable. All you have to do is check the posted > value against the session value. Of course, you will have to watch > out for session timeouts.. :) > > It's not fool-proof, but it gets the job done.. :) [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Re: cfmx and CAPTCHA
A session value passes in a HTTP header? Burns, John D wrote: > I don't think he's saying that the spider can _read_ the session var, > but if you set one and it is passed to the next page, the spider will > have it and then all it needs to do is figure out the image. [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Re: cfmx and CAPTCHA
I have posted the tag i created on my site. You can grab a copy from here: http://www.emerle.net/programming/display.cfm/t/cfx_captcha Included is an example file which shows how you can use session variables. Basically, the example file will act as an image. You simply add an IMG tag pointing to that file: And it will serve up the generated image with CFCONTENT right after it sets the session variable. All you have to do is check the posted value against the session value. Of course, you will have to watch out for session timeouts.. :) It's not fool-proof, but it gets the job done.. :) -Ryan - Original Message - From: Whittingham, P <[EMAIL PROTECTED]> Date: Wed, 16 Jun 2004 15:54:39 -0400 Subject: cfmx and CAPTCHA To: CF-Talk <[EMAIL PROTECTED]> Hi All, How would one provide a cfmx-only solution (no .Net) for a 'CAPTCHA' solution. Any ideas would be appreciated. http://www.devx.com/dotnet/Article/21308 TIA, Patrick Whittingham United Space Alliance _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
RE: cfmx and CAPTCHA
Bryan, I don't think he's saying that the spider can _read_ the session var, but if you set one and it is passed to the next page, the spider will have it and then all it needs to do is figure out the image. John -Original Message- From: Bryan F. Hogan [mailto:[EMAIL PROTECTED] Sent: Thursday, June 17, 2004 9:19 AM To: CF-Talk Subject: Re: cfmx and CAPTCHA > A spider is nothing more than another HTTP client. It can do anything > that any HTTP client can do, and it can't do things that HTTP doesn't > allow. So, to answer a question like this, all you have to do is ask > "can I do that with a browser". If yes, then it can be done with a > spider, and if no, it can't. I don't remember the specifics Dave, but if I'm not mistaken, you said before that a spider could _not_ read a session var. [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
RE: cfmx and CAPTCHA
That was my thought. Thus, if it can get a session, it can continue to the next page without a problem. That's why the only way that seems feasible to me is to push an image to the client and for each request that the client makes for an image, associate that with a unique ID that you use kind of like a session. You know exactly what image you showed the user to begin with by associating that unique id to one of your images in your DB and therefore, the client must pass the appropriate unique ID (either through session or hidden form field) and the correct text from the image. Once submitted, you clear out the record with the unique id from the database so the person can't submit multiple requests with the same unique id and image text. John -Original Message- From: Dave Watts [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 16, 2004 7:02 PM To: CF-Talk Subject: RE: cfmx and CAPTCHA > > Couldn't a spider just as easily pick up a session var? > > Now this is where I'm not 100% sure. I have been doing some research > and as far as I can tell it can not. I'm open to be proven wrong. A spider is nothing more than another HTTP client. It can do anything that any HTTP client can do, and it can't do things that HTTP doesn't allow. So, to answer a question like this, all you have to do is ask "can I do that with a browser". If yes, then it can be done with a spider, and if no, it can't. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ phone: 202-797-5496 fax: 202-797-5444 [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Re: cfmx and CAPTCHA
Aren't there a finite number of different combinations of a number between 1 and 6? And you're saving that variable to the page? If so that can be picked up and eventually guessed. Adam Hope wrote: > Create a Java CFX which randomly uses a True Type Font from a zip file > and randomly picks 6 characters to be displayed in a JPEG file. It > writes the image fiel to the filesystem so you can display it on the > page. It also returns (as a coldfusion variable) the six characters that > it has chosen to put in the image. eg. [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Re: cfmx and CAPTCHA
> A spider is nothing more than another HTTP client. It can do anything that > any HTTP client can do, and it can't do things that HTTP doesn't allow. So, > to answer a question like this, all you have to do is ask "can I do that > with a browser". If yes, then it can be done with a spider, and if no, it > can't. I don't remember the specifics Dave, but if I'm not mistaken, you said before that a spider could _not_ read a session var. [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
RE: cfmx and CAPTCHA
Hi All, After having read through everyones posts here is how I actually did it and its currently running today on a site that gets 2000 new registrations a day. BTW this will run on CF 4.5 and up: Create a Java CFX which randomly uses a True Type Font from a zip file and randomly picks 6 characters to be displayed in a JPEG file. It writes the image fiel to the filesystem so you can display it on the page. It also returns (as a coldfusion variable) the six characters that it has chosen to put in the image. eg. You then immediately hash the contents of the variable and place it in a hidden form field Then have an input box for the users to type into And finally on the page the form posts to you compare the hidden form field value 'hashcode' to the hash value of whatever the user entered. If this is the same then they entered the string correctly if( hash( form_ivchars ) EQ form_hashcode ){ success = 1; } And there you have it. I'll have a word with the powers that be and see if I can give the source code out. Please don't get your hopes up though. Adam Hope Development Team Leader Wanadoo UK PLC www.smartgroups.com -Original Message- From: Whittingham, P [mailto:[EMAIL PROTECTED] Sent: 16 June 2004 20:55 To: CF-Talk Subject: cfmx and CAPTCHA Hi All, How would one provide a cfmx-only solution (no .Net) for a 'CAPTCHA' solution. Any ideas would be appreciated. http://www.devx.com/dotnet/Article/21308 TIA, Patrick Whittingham United Space Alliance _ _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Re: cfmx and CAPTCHA
Take a look here: http://www.emerle.net/comments/view.cfm/p/152 - Original Message - From: Whittingham, P <[EMAIL PROTECTED]> Date: Wed, 16 Jun 2004 15:54:39 -0400 Subject: cfmx and CAPTCHA To: CF-Talk <[EMAIL PROTECTED]> Hi All, How would one provide a cfmx-only solution (no .Net) for a 'CAPTCHA' solution. Any ideas would be appreciated. http://www.devx.com/dotnet/Article/21308 TIA, Patrick Whittingham United Space Alliance _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Re: cfmx and CAPTCHA
Dave Watts wrote: > > > Couldn't a spider just as easily pick up a session var? > > > > Now this is where I'm not 100% sure. I have been doing some > > research and as far as I can tell it can not. I'm open to be > > proven wrong. Since session variables are stored in memory on the server, the spider cannot access them. Neither can the browser, for that matter. - Rick [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
RE: cfmx and CAPTCHA
> > Couldn't a spider just as easily pick up a session var? > > Now this is where I'm not 100% sure. I have been doing some > research and as far as I can tell it can not. I'm open to be > proven wrong. A spider is nothing more than another HTTP client. It can do anything that any HTTP client can do, and it can't do things that HTTP doesn't allow. So, to answer a question like this, all you have to do is ask "can I do that with a browser". If yes, then it can be done with a spider, and if no, it can't. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ phone: 202-797-5496 fax: 202-797-5444 [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Re: cfmx and CAPTCHA
It depends on how random your number was. Because that number can be extracted and algorithms written to guess what string would be returned. And it could keep doing this over and over again. So if your number is near unique and sufficiently long such as a uuid and also be able to be converted into a string short enough to be manageable by a user. Then there is no problem with your method. However, anything that you put in the body of the code, is another clue to your algorithm behind the scenes. Remember there are a lot of smart 6 year olds out there that can easily make us look like an embryo. ;-) So long story short, if the random number is stored in the session. Then no clues would be left. So then they would have to rely on brute force, trying to decode and guess what the string was from the image, or make a more powerful OCR system. Adam Howitt wrote: > Which part of this would fail? [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Re: cfmx and CAPTCHA
Read what text? The clear text is just a one way key. They have to provide the correct word which is never passed to the form. e.g. Pass MyRandomNumber = 1234567 to obfuscater to get an image with the word 'awwwYeah' cleverly hidden behind some garbage to make it hard to decode. Spider has no way of knowing the 'awwwYeah' piece since all the first page has is the image and the random number. submit guess 'thisIsWhack' as the guess to the cfm page Obfuscater returns false since when the second obfuscater function looks up the word for random number 1234567 it differs from the other function value so it fails. Which part of this would fail? - Original Message - From: Bryan F. Hogan <[EMAIL PROTECTED]> Date: Wed, 16 Jun 2004 17:06:35 -0400 Subject: Re: cfmx and CAPTCHA To: CF-Talk <[EMAIL PROTECTED]> And of course the spider can read that text and pass it to the validateEntry function and post to your form over, and over, and over again. Anything stored in the page can be read and posted as if it where typed in by the user. Adam Howitt wrote: > A web service called Obfuscater.cfc with 2 methods: > 1. imageType getImage(String myRandomNumber) > This uses cfcontent to create an image based on the random number, > pick a word to use and send it back to the browser as an image. > 2. boolean validateEntry(String myRandomNumber, String userGuess) > Regens the same word from part 1 with myRandomNumber and compares the > result to the userGuess and returns true or false. > > myRandomNumber is passed from page to page even as text since the > decode logic is all kept in the validateEntry piece. [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
RE: cfmx and CAPTCHA
Check out this posting for a Java CFX custom CAPTCHA solution from Ryan Emerle: http://www.emerle.net/comments/view.cfm/p/152 > -Original Message- > From: Whittingham, P [mailto:[EMAIL PROTECTED] > Sent: Wednesday, June 16, 2004 3:55 PM > To: CF-Talk > Subject: cfmx and CAPTCHA > > Hi All, > > > How would one provide a cfmx-only solution (no .Net) for a 'CAPTCHA' > solution. Any ideas would be appreciated. > > > http://www.devx.com/dotnet/Article/21308 > > TIA, > Patrick Whittingham > United Space Alliance [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Re: cfmx and CAPTCHA
Sorry Matt, didn't see that. Thanks! Matt Liotta wrote: > http://sourceforge.net/project/showfiles.php? > group_id=100854&package_id=108545 [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Re: cfmx and CAPTCHA
http://sourceforge.net/project/showfiles.php? group_id=100854&package_id=108545 -Matt On Jun 16, 2004, at 4:47 PM, Bryan F. Hogan wrote: > p.s. Matt's code here is what I use. It would be nice if Matt could > compile it so for someone writing up the steps involved with building > a > CAPTCHA implementation, doesn't have to trust that someone will know > how > to compile Java. ;-) > > Matt Liotta wrote: > > > The code needed to produce an image from a string has already been > > created. > > > > > http://cvs.sourceforge.net/viewcvs.py/*checkout*/openxcf/javacfx/src/ > > net/sourceforge/openxcf/javacfx/ImageString.java?content- > > type=text%2Fplain&rev=1.1 > [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Re: cfmx and CAPTCHA
And of course the spider can read that text and pass it to the validateEntry function and post to your form over, and over, and over again. Anything stored in the page can be read and posted as if it where typed in by the user. Adam Howitt wrote: > A web service called Obfuscater.cfc with 2 methods: > 1. imageType getImage(String myRandomNumber) > This uses cfcontent to create an image based on the random number, > pick a word to use and send it back to the browser as an image. > 2. boolean validateEntry(String myRandomNumber, String userGuess) > Regens the same word from part 1 with myRandomNumber and compares the > result to the userGuess and returns true or false. > > myRandomNumber is passed from page to page even as text since the > decode logic is all kept in the validateEntry piece. [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Re: cfmx and CAPTCHA
A web service called Obfuscater.cfc with 2 methods: 1. imageType getImage(String myRandomNumber) This uses cfcontent to create an image based on the random number, pick a word to use and send it back to the browser as an image. 2. boolean validateEntry(String myRandomNumber, String userGuess) Regens the same word from part 1 with myRandomNumber and compares the result to the userGuess and returns true or false. myRandomNumber is passed from page to page even as text since the decode logic is all kept in the validateEntry piece. - Original Message - From: Bryan F. Hogan <[EMAIL PROTECTED]> Date: Wed, 16 Jun 2004 16:23:27 -0400 Subject: Re: cfmx and CAPTCHA To: CF-Talk <[EMAIL PROTECTED]> Ok, ok, I've been holding off on this because I wanted to write something up about it. Here it is. 1. Find an image package that will allow you to create and write text on top of a image. 2. Create a file like below. image.cfm 4. Include a field the user can type into. 5. Action page check form field with session.captchaString. That's as simple as it gets. Whittingham, P wrote: > thanks...didn't know that. [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Re: cfmx and CAPTCHA
This seems pretty simple as a concept. First, generate a set of .gif files that represent each character that can be used in a hash. a.gif A.gif b.gif etc. Then on your page, show an image and a form field in randomimage.cfm, generate a text hash. save that on your server for this session. DO NOT PASS IT TO THE BROWSER. Take that text hash and build a list of alphabet samples. Use imagemajik to build a single graphic out of the string of graphics (I do not know thie specifics of how to do this, but it should be possible) Return that combined image using CFCONTENT Once the image is used, it should not be used again anytime soon. On the submission handler page, check to see if the text field matches the session variable to see if they got the match. Jerry Johnson >>> [EMAIL PROTECTED] 06/16/04 03:54PM >>> Hi All, How would one provide a cfmx-only solution (no .Net) for a 'CAPTCHA' solution. Any ideas would be appreciated. http://www.devx.com/dotnet/Article/21308 TIA, Patrick Whittingham United Space Alliance _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Re: cfmx and CAPTCHA
Ok, I'll trust ya. ;-) Whittingham, P wrote: > maybe another layer of security which might be used for internal blogs...:) [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Re: cfmx and CAPTCHA
p.s. Matt's code here is what I use. It would be nice if Matt could compile it so for someone writing up the steps involved with building a CAPTCHA implementation, doesn't have to trust that someone will know how to compile Java. ;-) Matt Liotta wrote: > The code needed to produce an image from a string has already been > created. > > http://cvs.sourceforge.net/viewcvs.py/*checkout*/openxcf/javacfx/src/ > net/sourceforge/openxcf/javacfx/ImageString.java?content- > type=text%2Fplain&rev=1.1 [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
RE: cfmx and CAPTCHA
maybe another layer of security which might be used for internal blogs...:) Pat -Original Message- From: Bryan F. Hogan [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 16, 2004 4:43 PM To: CF-Talk Subject: Re: cfmx and CAPTCHA If it's an intranet and you have proper login, etc implemented, why are you even worried about a captcha image? Whittingham, P wrote: > this is on an intranet, so I don't have worry about a spiderexcept > ours:) _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Re: cfmx and CAPTCHA
If it's an intranet and you have proper login, etc implemented, why are you even worried about a captcha image? Whittingham, P wrote: > this is on an intranet, so I don't have worry about a spiderexcept > ours:) [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Re: cfmx and CAPTCHA
Burns, John D wrote: > Yes, but if that hidden form field is generated automatically and is > truly unique per user, what harm is there? The spider can read the string and post what ever it wants to your form for that request and keep doing it over and over and over again. Couldn't a spider just as > easily pick up a session var? Now this is where I'm not 100% sure. I have been doing some research and as far as I can tell it can not. I'm open to be proven wrong. After all, it has to hit the first page > to "read" the image and then post, so it could do so in the same > session. That is only usefull if a spider can read the session. It would not even have to worry about the image if it could read the session. It could however decode your image and try and figure it out from there. But most of the time, nobody is going to spend that much time. Nothing is 100% but you make it as difficult as possible. > > Another good thing might be to push all of your images down using > so that they all appear as "image.gif" and then it will be > harder to map an image to a correct response. Either way, the only way it would matter is if the spider could read the session. If it can it doesn't have to worry about the image. However, the tax on the > server of creating dynamic images for every request seems absurd. You know how many IO operations happen in CFMX during a request? A lot, it really isn't any more taxing that displaying the image itself. For most sites, it would not even be noticable. And if it becomes, you just upgrade the server. [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
RE: cfmx and CAPTCHA
this is on an intranet, so I don't have worry about a spiderexcept ours:) Pat -Original Message- From: Burns, John D [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 16, 2004 4:29 PM To: CF-Talk Subject: RE: cfmx and CAPTCHA Yes, but if that hidden form field is generated automatically and is truly unique per user, what harm is there? Couldn't a spider just as easily pick up a session var? After all, it has to hit the first page to "read" the image and then post, so it could do so in the same session. Another good thing might be to push all of your images down using so that they all appear as "image.gif" and then it will be harder to map an image to a correct response. However, the tax on the server of creating dynamic images for every request seems absurd. John -Original Message- From: Bryan F. Hogan [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 16, 2004 4:25 PM To: CF-Talk Subject: Re: cfmx and CAPTCHA Ok this is the second time I have heard someone say to pass the string in a hidden form field. DO NOT DO IT. A spider can download the html and read that string and pass that as the field. Burns, John D wrote: > It shouldn't be hard. You don't necessarily need to create the images > on the fly. Just create a bunch of them once. Then associate the > file name with the correct answer in the DB. Each time you display a > file to the user, generate another unique id mapping the particular > display to that particular user with a record from the other table > that has the filename and correct answer. Display the image to the > person and hide the unique id (in session or hidden form). Then when > submitted, check that session to find out which image was passed and > compare their response with the correct string. Remove the record > from the DB so they can't submit multiple times with the same info. > Just my thoughts, there may be an easier way. _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Re: cfmx and CAPTCHA
Yes Flash can be decompiled. So can an image. And there is no captcha string truly unique that can't eventually be figured out. You just make it as difficult as possible. Your idea would work, but an image is better because it is compiled. And flash you're passing the data in somehow that can be caught. Doug James wrote: > A thought just struck me so it is a bit off the top of my head, read may > not be totally thought through. > > If one is to believe MM and that 70%+ of the worlds browser have a flash > plug-in loaded, could one use flash remoting to create a standard flash > still image then use CF to put random letters on top of the image? Can > automated scripts decipher flash movies? [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Re: cfmx and CAPTCHA
The code needed to produce an image from a string has already been created. http://cvs.sourceforge.net/viewcvs.py/*checkout*/openxcf/javacfx/src/ net/sourceforge/openxcf/javacfx/ImageString.java?content- type=text%2Fplain&rev=1.1 -Matt On Jun 16, 2004, at 4:23 PM, Bryan F. Hogan wrote: > Ok, ok, I've been holding off on this because I wanted to write > something up about it. Here it is. > > 1. Find an image package that will allow you to create and write text > on > top of a image. > > 2. Create a file like below. > > image.cfm > > > > > > > > > > > > > 4. Include a field the user can type into. > > 5. Action page check form field with session.captchaString. > > That's as simple as it gets. > > Whittingham, P wrote: > > > thanks...didn't know that. > [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
RE: cfmx and CAPTCHA
Yes, but if that hidden form field is generated automatically and is truly unique per user, what harm is there? Couldn't a spider just as easily pick up a session var? After all, it has to hit the first page to "read" the image and then post, so it could do so in the same session. Another good thing might be to push all of your images down using so that they all appear as "image.gif" and then it will be harder to map an image to a correct response. However, the tax on the server of creating dynamic images for every request seems absurd. John -Original Message- From: Bryan F. Hogan [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 16, 2004 4:25 PM To: CF-Talk Subject: Re: cfmx and CAPTCHA Ok this is the second time I have heard someone say to pass the string in a hidden form field. DO NOT DO IT. A spider can download the html and read that string and pass that as the field. Burns, John D wrote: > It shouldn't be hard. You don't necessarily need to create the images > on the fly. Just create a bunch of them once. Then associate the > file name with the correct answer in the DB. Each time you display a > file to the user, generate another unique id mapping the particular > display to that particular user with a record from the other table > that has the filename and correct answer. Display the image to the > person and hide the unique id (in session or hidden form). Then when > submitted, check that session to find out which image was passed and > compare their response with the correct string. Remove the record > from the DB so they can't submit multiple times with the same info. > Just my thoughts, there may be an easier way. [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Re: cfmx and CAPTCHA
A thought just struck me so it is a bit off the top of my head, read may not be totally thought through. If one is to believe MM and that 70%+ of the worlds browser have a flash plug-in loaded, could one use flash remoting to create a standard flash still image then use CF to put random letters on top of the image? Can automated scripts decipher flash movies? Just a thought. Doug Whittingham, P wrote: >Hi All, > > How would one provide a cfmx-only solution (no .Net) for a 'CAPTCHA' solution. Any ideas would be appreciated. > >http://www.devx.com/dotnet/Article/21308 > > >TIA, >Patrick Whittingham >United Space Alliance > > > _ > > > > [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Re: cfmx and CAPTCHA
Ok this is the second time I have heard someone say to pass the string in a hidden form field. DO NOT DO IT. A spider can download the html and read that string and pass that as the field. Burns, John D wrote: > It shouldn't be hard. You don't necessarily need to create the images > on the fly. Just create a bunch of them once. Then associate the file > name with the correct answer in the DB. Each time you display a file to > the user, generate another unique id mapping the particular display to > that particular user with a record from the other table that has the > filename and correct answer. Display the image to the person and hide > the unique id (in session or hidden form). Then when submitted, check > that session to find out which image was passed and compare their > response with the correct string. Remove the record from the DB so they > can't submit multiple times with the same info. Just my thoughts, there > may be an easier way. [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Re: cfmx and CAPTCHA
Ok, ok, I've been holding off on this because I wanted to write something up about it. Here it is. 1. Find an image package that will allow you to create and write text on top of a image. 2. Create a file like below. image.cfm 4. Include a field the user can type into. 5. Action page check form field with session.captchaString. That's as simple as it gets. Whittingham, P wrote: > thanks...didn't know that. [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
RE: cfmx and CAPTCHA
It shouldn't be hard. You don't necessarily need to create the images on the fly. Just create a bunch of them once. Then associate the file name with the correct answer in the DB. Each time you display a file to the user, generate another unique id mapping the particular display to that particular user with a record from the other table that has the filename and correct answer. Display the image to the person and hide the unique id (in session or hidden form). Then when submitted, check that session to find out which image was passed and compare their response with the correct string. Remove the record from the DB so they can't submit multiple times with the same info. Just my thoughts, there may be an easier way. John -Original Message- From: Rick Root [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 16, 2004 4:11 PM To: CF-Talk Subject: Re: cfmx and CAPTCHA Whittingham, P wrote: > > How would one provide a cfmx-only solution (no .Net) for a 'CAPTCHA' > solution. Any ideas would be appreciated. This has been posted and discussed many times since I've been on the list. I have yet to see anyone suggest specifics on how to do it though. It shouldn't be too hard to use JAI or ImageMagick or something similar though to generate an image with text using a funky font then overlay the image with another image to confuse OCR software... I think you'd store the image text in a database, and pass some kind of ID in the form as a hidden field, then on submission, look for that ID in the database and compare the text in the database to what the user typed in. Again, it's all theoretical. Maybe someday, someone will write such a tool and share with all of us how they did it. - Rick [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
RE: cfmx and CAPTCHA
thanks...didn't know that. Pat -Original Message- From: Rick Root [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 16, 2004 4:11 PM To: CF-Talk Subject: Re: cfmx and CAPTCHA Whittingham, P wrote: > > How would one provide a cfmx-only solution (no .Net) for a 'CAPTCHA' > solution. Any ideas would be appreciated. This has been posted and discussed many times since I've been on the list. I have yet to see anyone suggest specifics on how to do it though. It shouldn't be too hard to use JAI or ImageMagick or something similar though to generate an image with text using a funky font then overlay the image with another image to confuse OCR software... I think you'd store the image text in a database, and pass some kind of ID in the form as a hidden field, then on submission, look for that ID in the database and compare the text in the database to what the user typed in. Again, it's all theoretical. Maybe someday, someone will write such a tool and share with all of us how they did it. - Rick _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Re: cfmx and CAPTCHA
Whittingham, P wrote: > > How would one provide a cfmx-only solution (no .Net) for a 'CAPTCHA' > solution. Any ideas would be appreciated. This has been posted and discussed many times since I've been on the list. I have yet to see anyone suggest specifics on how to do it though. It shouldn't be too hard to use JAI or ImageMagick or something similar though to generate an image with text using a funky font then overlay the image with another image to confuse OCR software... I think you'd store the image text in a database, and pass some kind of ID in the form as a hidden field, then on submission, look for that ID in the database and compare the text in the database to what the user typed in. Again, it's all theoretical. Maybe someday, someone will write such a tool and share with all of us how they did it. - Rick [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]