> Any break on your Image Manipulation CFC for fellow CF-Talkers? Just
> figured I'd ask :-)
>
> John
>
> -Original Message-
> From: Doug Hughes [mailto:[EMAIL PROTECTED]
> Sent: Monday, June 21, 2004 11:57 AM
> To: CF-Talk
> Subject: Re: cfmx and CAPTCH
-
From: Burns, John D
To: CF-Talk
Sent: Monday, June 21, 2004 12:44 PM
Subject: RE: cfmx and CAPTCHA
Doug,
Any break on your Image Manipulation CFC for fellow CF-Talkers? Just
figured I'd ask :-)
John
-Original Message-
From: Doug Hughes [mailto:[EMAIL PROT
Doug,
Any break on your Image Manipulation CFC for fellow CF-Talkers? Just
figured I'd ask :-)
John
-Original Message-
From: Doug Hughes [mailto:[EMAIL PROTECTED]
Sent: Monday, June 21, 2004 11:57 AM
To: CF-Talk
Subject: Re: cfmx and CAPTCHA
1) Hi Joe!
2) I talked to Ben Forta
tried it ;-)
>
> KOla
>
> -Original Message-
> From: Dave Watts [mailto:[EMAIL PROTECTED]
> Sent: 18 June 2004 13:43
> To: CF-Talk
> Subject: RE: cfmx and CAPTCHA
>
> > why don't CFC instances go across cluster members?
>
> I don't really know wh
Apparently Blue dragon can but I haven't tried it ;-)
KOla
-Original Message-
From: Dave Watts [mailto:[EMAIL PROTECTED]
Sent: 18 June 2004 13:43
To: CF-Talk
Subject: RE: cfmx and CAPTCHA
> why don't CFC instances go across cluster members?
I don't really k
> why don't CFC instances go across cluster members?
I don't really know why they don't, just that they don't. I suspect that
JRun has some sort of serializer to write its own session variables to
strings, and that this serializer doesn't know what to do with CFC
instances, but I really don't know
ge-
From: Dave Watts [mailto:[EMAIL PROTECTED]
Sent: Fri 6/18/2004 8:34 AM
To: CF-Talk
Cc:
Subject: RE: cfmx and CAPTCHA
> Session variables are useless on clustered servers (no
> lectures on sticky sessions please they are a waste of
> time)
I won't lecture
> Session variables are useless on clustered servers (no
> lectures on sticky sessions please they are a waste of
> time)
I won't lecture you, but I would like to point out that you can share
Session variables across cluster members using CFMX on Jrun, although you
can't use CFC instances within
Ryan, any way we can change the background image with your tag?
Ryan Emerle wrote:
> I have posted the tag I created on my site. You can grab a copy from here:
>
> http://www.emerle.net/programming/display.cfm/t/cfx_captcha
>
> Included is an example file which shows how you can use session var
> I'm not saying it ever receives that variable. However,
> CF somehow associates that session with that client,
> therefore, the spider appears to be a valid client.
I would go a step farther and say that it is a valid client. There's no
difference between one HTTP client and another, from the
Burns, John D wrote:
> Well, I'm just trying to figure out why it wouldn't be easier to have a
> unique string passed with each request that is also tied to the correct
> "answer" for the image.
There is nothing wrong with that if you store it in the session.
That way, the spider could not pos
ld even
rule out the brute force attempt.
John
-Original Message-
From: Bryan F. Hogan [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 17, 2004 10:57 AM
To: CF-Talk
Subject: Re: cfmx and CAPTCHA
It could loop over the URL. But if the string for the image is stored in
the session and com
It could loop over the URL. But if the string for the image is stored in
the session and compiled into the image, the only way it could figure it
out would be to use brute force (guessing over and over again),
decompiling the image and trying to read what is the text, or using OCR.
1 and 2 are
AM
To: CF-Talk
Subject: Re: cfmx and CAPTCHA
CFID and CFTOKEN are stored for that session. CF maps that internally to
the to retrieve the session.
Even if the spider read the CFID and CFTOKEN values, there is no way it
could then tell CF to try and map it to retrieve the session. And even
if it
CFID and CFTOKEN are stored for that session. CF maps that internally to
the to retrieve the session.
Even if the spider read the CFID and CFTOKEN values, there is no way it
could then tell CF to try and map it to retrieve the session. And even
if it could, it couldn't read the value of the sess
Since when can you store the session in anything other than memory?
It's client variables that you can change the storage mechanism for.
Thomas Chiverton wrote:
> If you use cookies as your session storage, yes.
On Thursday 17 Jun 2004 15:30 pm, Pascal Peters wrote:
> AFAIK you can use cookies for client storage but not for session
> storage
:blames liquid lunch and goes back to the corner :-)
--
Tom Chiverton
Advanced ColdFusion Programmer
Tel: +44(0)1749 834997
email: [EMAIL PROTECTED]
BlueFinger L
AFAIK you can use cookies for client storage but not for session
storage
> -Original Message-
> From: Thomas Chiverton [mailto:[EMAIL PROTECTED]
> Sent: donderdag 17 juni 2004 16:27
> To: CF-Talk
> Subject: Re: cfmx and CAPTCHA
>
> On Thursday 17 Jun 2004 15:
ie or token or something) to keep the session alive, and
couldn't the browser/spider spoof that?
John
-Original Message-
From: Bryan F. Hogan [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 17, 2004 10:16 AM
To: CF-Talk
Subject: Re: cfmx and CAPTCHA
A session value passes in a H
Good, just making sure that I haven't been making myself sound like an a**
> That's correct. Neither can a browser. All a browser can do is send
> identifying tokens like cookies or URL variables back to the server, which
> can then read Session variables and use them within the program that
> gen
On Thursday 17 Jun 2004 15:16 pm, Bryan F. Hogan wrote:
> A session value passes in a HTTP header?
If you use cookies as your session storage, yes.
--
Tom Chiverton
Advanced ColdFusion Programmer
Tel: +44(0)1749 834997
email: [EMAIL PROTECTED]
BlueFinger Limited
Underwood Business Park
Wookey
> > A spider is nothing more than another HTTP client. It can
> > do anything that any HTTP client can do, and it can't do
> > things that HTTP doesn't allow. So, to answer a question
> > like this, all you have to do is ask "can I do that with
> > a browser". If yes, then it can be done with a
I like yours Ryan. I would try and make the key a little stronger.
Ryan Emerle wrote:
> I have posted the tag I created on my site. You can grab a copy from here:
>
> http://www.emerle.net/programming/display.cfm/t/cfx_captcha
>
> Included is an example file which shows how you can use session
A session value passes in a HTTP header?
Burns, John D wrote:
> I don't think he's saying that the spider can _read_ the session var,
> but if you set one and it is passed to the next page, the spider will
> have it and then all it needs to do is figure out the image.
I have posted the tag I created on my site. You can grab a copy from here:
http://www.emerle.net/programming/display.cfm/t/cfx_captcha
Included is an example file which shows how you can use session variables.
Basically, the example file will act as an image. You simply add an
IMG tag pointing
TED]
Sent: Thursday, June 17, 2004 9:19 AM
To: CF-Talk
Subject: Re: cfmx and CAPTCHA
> A spider is nothing more than another HTTP client. It can do anything
> that any HTTP client can do, and it can't do things that HTTP doesn't
> allow. So, to answer a question like this, all
Once submitted, you clear out the record with the
unique id from the database so the person can't submit multiple requests
with the same unique id and image text.
John
-Original Message-
From: Dave Watts [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 16, 2004 7:02 PM
To: CF-Talk
Subject
Aren't there a finite number of different combinations of a number
between 1 and 6? And you're saving that variable to the page? If so that
can be picked up and eventually guessed.
Adam Hope wrote:
> Create a Java CFX which randomly uses a True Type Font from a zip file
> and randomly picks 6 c
> A spider is nothing more than another HTTP client. It can do anything that
> any HTTP client can do, and it can't do things that HTTP doesn't allow. So,
> to answer a question like this, all you have to do is ask "can I do that
> with a browser". If yes, then it can be done with a spider, and if
Hi All,
After having read through everyone's posts here is how I actually did it
and it's currently running today on a site that gets 2000 new
registrations a day. BTW this will run on CF 4.5 and up:
Create a Java CFX which randomly uses a True Type Font from a zip file
and randomly picks 6 cha
Take a look here: http://www.emerle.net/comments/view.cfm/p/152
- Original Message -
From: Whittingham, P <[EMAIL PROTECTED]>
Date: Wed, 16 Jun 2004 15:54:39 -0400
Subject: cfmx and CAPTCHA
To: CF-Talk <[EMAIL PROTECTED]>
Hi All,
How would one provide a cfmx-only solution (no .Net) for
Dave Watts wrote:
> > > Couldn't a spider just as easily pick up a session var?
> >
> > Now this is where I'm not 100% sure. I have been doing some
> > research and as far as I can tell it can not. I'm open to be
> > proven wrong.
Since session variables are stored in memory on the server, th
> > Couldn't a spider just as easily pick up a session var?
>
> Now this is where I'm not 100% sure. I have been doing some
> research and as far as I can tell it can not. I'm open to be
> proven wrong.
A spider is nothing more than another HTTP client. It can do anything that
any HTTP client c
It depends on how random your number was. Because that number can be
extracted and algorithms written to guess what string would be returned.
And it could keep doing this over and over again.
So if your number is near unique and sufficiently long such as a uuid
and also be able to be converted
4567 it differs from the other
function value so it fails.
Which part of this would fail?
- Original Message -
From: Bryan F. Hogan <[EMAIL PROTECTED]>
Date: Wed, 16 Jun 2004 17:06:35 -0400
Subject: Re: cfmx and CAPTCHA
To: CF-Talk <[EMAIL PROTECTED]>
And of course the sp
Check out this posting for a Java CFX custom CAPTCHA solution from Ryan
Emerle:
http://www.emerle.net/comments/view.cfm/p/152
> -Original Message-
> From: Whittingham, P [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, June 16, 2004 3:55 PM
> To: CF-Talk
> Subject: cfmx and CAPTCHA
>
> Hi Al
Sorry Matt, didn't see that. Thanks!
Matt Liotta wrote:
> http://sourceforge.net/project/showfiles.php?
> group_id=100854&package_id=108545
http://sourceforge.net/project/showfiles.php?
group_id=100854&package_id=108545
-Matt
On Jun 16, 2004, at 4:47 PM, Bryan F. Hogan wrote:
> p.s. Matt's code here is what I use. It would be nice if Matt could
> compile it so for someone writing up the steps involved with building
> a
> CAPTCH
And of course the spider can read that text and pass it to the
validateEntry function and post to your form over, and over, and over again.
Anything stored in the page can be read and posted as if it were typed
in by the user.
Adam Howitt wrote:
> A web service called Obfuscater.cfc with 2 me
AIL PROTECTED]>
Date: Wed, 16 Jun 2004 16:23:27 -0400
Subject: Re: cfmx and CAPTCHA
To: CF-Talk <[EMAIL PROTECTED]>
Ok, ok, I've been holding off on this because I wanted to write
something up about it. Here it is.
1. Find an image package that will allow you to create and write
This seems pretty simple as a concept.
First, generate a set of .gif files that represent each character that can be used in a hash.
a.gif
A.gif
b.gif
etc.
Then on your page, show an image and a form field
in randomimage.cfm, generate a text hash. save that on your server for this session. DO
Ok, I'll trust ya. ;-)
Whittingham, P wrote:
> maybe another layer of security which might be used for internal blogs...:)
p.s. Matt's code here is what I use. It would be nice if Matt could
compile it so for someone writing up the steps involved with building a
CAPTCHA implementation, doesn't have to trust that someone will know how
to compile Java. ;-)
Matt Liotta wrote:
> The code needed to produce an image fro
maybe another layer of security which might be used for internal blogs...:)
Pat
-Original Message-
From: Bryan F. Hogan [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 16, 2004 4:43 PM
To: CF-Talk
Subject: Re: cfmx and CAPTCHA
If it's an intranet and you have proper login
If it's an intranet and you have proper login, etc implemented, why are
you even worried about a captcha image?
Whittingham, P wrote:
> this is on an intranet, so I don't have to worry about a spider except
> ours:)
Burns, John D wrote:
> Yes, but if that hidden form field is generated automatically and is
> truly unique per user, what harm is there?
The spider can read the string and post what ever it wants to your form
for that request and keep doing it over and over and over again.
Couldn't a spider jus
this is on an intranet, so I don't have to worry about a spider except ours:)
Pat
-Original Message-
From: Burns, John D [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 16, 2004 4:29 PM
To: CF-Talk
Subject: RE: cfmx and CAPTCHA
Yes, but if that hidden form field is gene
Yes Flash can be decompiled. So can an image. And there is no captcha
string truly unique that can't eventually be figured out. You just make
it as difficult as possible.
Your idea would work, but an image is better because it is compiled. And
flash you're passing the data in somehow that can b
The code needed to produce an image from a string has already been
created.
http://cvs.sourceforge.net/viewcvs.py/*checkout*/openxcf/javacfx/src/
net/sourceforge/openxcf/javacfx/ImageString.java?content-
type=text%2Fplain&rev=1.1
-Matt
On Jun 16, 2004, at 4:23 PM, Bryan F. Hogan wrote:
> Ok
essage-
From: Bryan F. Hogan [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 16, 2004 4:25 PM
To: CF-Talk
Subject: Re: cfmx and CAPTCHA
Ok this is the second time I have heard someone say to pass the string
in a hidden form field.
DO NOT DO IT. A spider can download the html and read that st
A thought just struck me so it is a bit off the top of my head, read may
not be totally thought through.
If one is to believe MM and that 70%+ of the world's browsers have a flash
plug-in loaded, could one use flash remoting to create a standard flash
still image then use CF to put random letters
Ok this is the second time I have heard someone say to pass the string
in a hidden form field.
DO NOT DO IT. A spider can download the html and read that string and
pass that as the field.
Burns, John D wrote:
> It shouldn't be hard. You don't necessarily need to create the images
> on the fl
Ok, ok, I've been holding off on this because I wanted to write
something up about it. Here it is.
1. Find an image package that will allow you to create and write text on
top of a image.
2. Create a file like below.
image.cfm
4. Include a field the user can type into.
5. Action p
ect string. Remove the record from the DB so they
can't submit multiple times with the same info. Just my thoughts, there
may be an easier way.
John
-Original Message-
From: Rick Root [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 16, 2004 4:11 PM
To: CF-Talk
Subject: Re: c
thanks...didn't know that.
Pat
-Original Message-
From: Rick Root [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 16, 2004 4:11 PM
To: CF-Talk
Subject: Re: cfmx and CAPTCHA
Whittingham, P wrote:
>
> How would one provide a cfmx-only solution (no .Net) for a 'CAPT
Whittingham, P wrote:
>
> How would one provide a cfmx-only solution (no .Net) for a 'CAPTCHA'
> solution. Any ideas would be appreciated.
This has been posted and discussed many times since I've been on the list.
I have yet to see anyone suggest specifics on how to do it though.
It shouldn'
56 matches