Phillip Jones wrote:

> Beauregard T. Shagnasty wrote:
>> Phillip Jones wrote:
>>> Beauregard T. Shagnasty wrote:
>>>> So what is "Googel" going to do with your association members'
>>>> names? Steal their bank accounts?
>>> 
>>> If Google owns and knows the captcha database,  then it will be
>>> easy to bypass the captcha and get private information. For example
>>> I want to be able to put a membership list of the members of the
>>> association: names, business names, addresses, Phones, emails for
>>> the members to view. Now because Google owns the best Captcha
>>> software company there is out there, there now, no secure method of
>>> doing so.
>> 
>> You need to explain how you were planning on using a CAPTCHA image
>> on the association's login page. Does it not already have a user
>> name and a password assigned to each member? How will a distorted
>> image give Google the user's password? 
>> 
>> I have a site with exactly what you state you want to do. It's for a
>> club. There is a Members Only portion of the site, and nobody can
>> enter it without knowing a user's name and individual password. What
>> good would a CAPTCHA do for a page like that?  Did you ever have to
>> enter a CAPTCHA value when you log into your bank's pages for your
>> account details? 
>> 
>> If you are *not* using name and password access, it's your fault if
>> the private information is compromised. 
>> 
>> Google, nor any other search engine, cannot access my site. 
> 
> there are sections of website the association wants everyone to see.

Great. The public part of the web site.

> But then there would be one section the Members-Only section should
> be hidden from view of Google and other  items such as Yahoo ,
> Altavista an so on. 

Yeah, search engines. Great. What about non-members?

> using a Captcha does the same thing as using a username and password
> without the need for such and until Google bought  the leading
> captcha software developer, It was as secure as having a user name
> and password.

Thanks for proving you don't know what a CAPTCHA is - or how to design a
secure web site.

It's a Turing test [1]. Are you a human or a robot? Unfortunately,
CAPTCHA images have been cracked by bots. They are no longer secure.

They will not keep out the general public, so what made you think you
would have a private, members only section accessible only to the
members? If any human on the planet goes to your entry page they can
interpret the distorted image and gain access to your 'private'
information.

What happens if one of your members sends the link of the interior page
where your association members are listed?  Will random access to that
page redirect them back to the 'login' page?

You *need* a username and password to keep - not only Google - but the
_general public_ out of your private pages. And each and every single
page inside the members-only section has to check and see if the user is
logged in. Otherwise, it needs to send them to members/login.

You should tell your association that you don't understand or know how
to write a private web site.

[1. Did you have to look that up? ]

-- 
   -bts
   -Four wheels carry the body; two wheels move the soul
_______________________________________________
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Reply via email to